Nurse admits lending password to delete Bolsonaro vaccine records

He withheld the details to spare her involvement in something sensitive
The government secretary told the nurse he would not disclose which records he was deleting, citing their sensitive nature.

Em Duque de Caxias, uma enfermeira entregou suas credenciais de acesso a um secretário municipal sem questionar a finalidade — um gesto de confiança que, segundo investigadores federais, tornou-se peça de uma engrenagem maior: a falsificação e posterior apagamento de registros de vacinação atribuídos ao ex-presidente Jair Bolsonaro. O caso, que levou à prisão do ex-assessor Mauro Cid e a buscas na residência de Bolsonaro, levanta questões duradouras sobre até onde pode chegar a cumplicidade involuntária quando o poder deliberadamente oculta suas intenções.

  • Registros falsos de vacinação foram inseridos no sistema municipal em nome de Bolsonaro e de sua filha e apagados seis dias depois, deixando rastros digitais que investigadores federais rastrearam até um secretário municipal.
  • Certificados oficiais de vacinação foram gerados dentro do próprio Palácio do Planalto, usando o perfil de Bolsonaro no ConecteSUS e uma conta vinculada ao e-mail de seu ex-assessor militar Mauro Cid.
  • A enfermeira Cláudia Helena afirma ter cedido sua senha de boa-fé, sem saber quais nomes seriam deletados — mas a investigação sugere que essa ignorância pode ter sido cuidadosamente cultivada por quem a instruiu.
  • A operação policial de maio resultou na prisão de Cid e em buscas na residência de Bolsonaro, indicando que as autoridades enxergam uma coordenação deliberada entre múltiplos agentes, e não atos isolados.
  • O caso permanece aberto, com a questão central ainda sem resposta: a enfermeira foi uma participante ingênua ou uma figura mantida estrategicamente às escuras para proteger os verdadeiros arquitetos do esquema?

Uma enfermeira responsável pela supervisão de vacinações em Duque de Caxias entregou sua senha de acesso ao sistema a João Brecha, secretário municipal de governo, sem perguntar para que seria usada. Em depoimento à Polícia Federal, Cláudia Helena Acosta Rodrigues da Silva explicou que confiava em Brecha e que ele propositalmente omitiu os detalhes, dizendo apenas que queria poupá-la de um assunto sensível envolvendo pessoas de proeminência pública.

O que Brecha fez com essas credenciais, segundo a investigação, foi apagar registros de vacinação inseridos falsamente no sistema em nome do ex-presidente Jair Bolsonaro e de sua filha. Os dados fictícios apareceram no sistema em 21 de dezembro e desapareceram seis dias depois, com as marcas digitais do acesso de Brecha.

A falsificação, porém, tinha raízes mais profundas. Usando o perfil de Bolsonaro no ConecteSUS, alguém gerou certificados oficiais de vacinação a partir de um computador dentro do Palácio do Planalto, atribuindo ao ex-presidente doses recebidas em agosto e outubro. A conta que imprimiu esses documentos estava registrada em um endereço de e-mail pertencente a Mauro Cid, ex-assessor militar de Bolsonaro. Investigadores afirmam não haver evidências críveis de que Bolsonaro tenha se vacinado nessas datas.

A operação policial deflagrada no início de maio resultou na prisão de Cid e em buscas na residência de Bolsonaro, apontando para uma ação coordenada entre múltiplos agentes. A enfermeira sustentou, em seu depoimento, que acreditava estar diante de um procedimento administrativo legítimo. A pergunta que paira sobre o caso é se sua confiança foi simplesmente ingênua — ou se foi deliberadamente explorada por quem tinha muito a esconder.

A nurse who oversees vaccination operations in Duque de Caxias, a city in Rio de Janeiro state, handed over her login credentials to a municipal government official without asking what he planned to do with them. In interviews with federal police, Cláudia Helena Acosta Rodrigues da Silva explained that she gave her password to João Brecha, the city's government secretary, because she trusted he would not misuse it. She said Brecha deliberately withheld the details of which records would be deleted, telling her only that he wanted to spare her involvement in something sensitive—something involving people of prominence and public standing.

What Brecha did with those credentials, according to the investigation, was erase vaccination records that had been falsely entered into the municipal system under the name of former president Jair Bolsonaro. On December 21, fake vaccination data appeared in the system for both Bolsonaro and his daughter. Six days later, those entries vanished. The deletion bore the fingerprints of Brecha's access.

But the falsification went deeper. Using Bolsonaro's own profile in ConecteSUS—the national vaccination registry system—someone generated official vaccination certificates from a computer inside the Palácio do Planalto, the presidential residence. Those certificates claimed Bolsonaro had received doses on August 13 and October 14. Federal police say there is no credible evidence Bolsonaro received vaccines on either date. The user account that printed these false certificates was registered to an email address belonging to Mauro Cid, Bolsonaro's former military aide.

The investigation that uncovered this chain of events began in early May, when federal police executed search warrants and made arrests. Cid was taken into custody. Bolsonaro's residence was searched. The operation suggested something more organized than a single official acting alone—a coordinated effort to create and then conceal false health records at the highest levels of government.

Rodrigues, the nurse, maintained during her police statement that she saw no wrongdoing in Brecha's request. She believed the deletions were legitimate, routine administrative work. She had no reason to suspect that what she was enabling was part of a scheme to fabricate evidence of vaccination for a former president who, according to investigators, never received the shots at all. The question now hanging over the case is whether her trust was naive or whether she was deliberately kept in the dark about the true nature of what was being asked of her.

The secretary did not want to say who would be deleted so as not to involve her in problems, given that these were relevant and known people
— Nurse's statement to federal police
Federal police say there is no credible scenario in which Bolsonaro received vaccines on the dates listed in the false certificates
— Federal police investigation findings
The Hearth Conversation Another angle on the story
Inventor

Why would a government secretary need a nurse's password instead of using his own access?

Model

That's the core of it. If he'd used his own credentials, there would be a direct trail back to him. Using hers created a layer of separation—or at least the appearance of one.

Inventor

And the nurse really believed nothing wrong was happening?

Model

She said she did. She claimed he told her the deletions involved "relevant and known people" but refused to say who. That's a strange way to ask for help if you're doing something legitimate.

Inventor

What strikes you most about the timeline?

Model

The speed. False records go in December 21. They're deleted December 27. But in between, someone at the presidential palace uses Bolsonaro's own account to print certificates. That's not panic—that's deliberate. Someone knew exactly what they were doing.

Inventor

Could the nurse have been a dupe?

Model

Possibly. But she also didn't ask questions. She didn't verify what was being deleted. She accepted a vague explanation from someone in power and handed over the keys.

Inventor

What does this tell us about how these systems are protected?

Model

That access controls mean nothing if the people with legitimate access are willing to share them. A password is only as secure as the person holding it.

Contact Us FAQ