Ransomware victim disclosure
← All victimsSecretaria Municipal de Saúde de Fortaleza
listed as Saude Fortaleza · Claimed by Nova · listed 8 months ago
Status timeline
- ListedNov 15, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileSecretaria Municipal de Saúde de Fortaleza is the municipal health secretariat of Fortaleza, Ceará, Brazil, responsible for administering and coordinating public health services for the city. It operates under the municipal government and oversees health policy, programs, and facilities for the population of Fortaleza. The organization is estimated to have revenues of $10M–$25M.
- Industry
- Municipal Government Health Services
- Address
- Fortaleza, Ceará, Brazil
- Employees
- 20-49
Attack summary
Severity: critical — The victim is a municipal public health authority in Brazil, making it highly likely that sensitive PII and health-related data of citizens is involved. The disclosed status is 'data_published', meaning data has already been released, raising the severity to critical given the government/healthcare context and potential for regulated personal and medical data exposure at scale.The Nova ransomware group claims to have attacked the Secretaria Municipal de Saúde de Fortaleza, with the disclosure status indicating data has been published. No specific details on encryption or the volume of exfiltrated data were provided in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Government health administration records
- Potentially citizen/patient data
- Internal IT and operational data
What the group claims
Secretaria Municipal de Saude de Fortaleza is a company that operates in the Custom Software & IT Services industry. It employs 20 to 49 people and has 10M to 25M of revenue. The company is headquartered in Brazil. https://saude.fortaleza.ce.gov.br/ https://www.zoominfo.com/c/secretaria-municipal-de-sau%CC%81de-de-fortaleza/431949261
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

