Personal and health details of more than 16 million Brazilian COVID-19 patients has been accidentally exposed online due to an error of an employee of a Brazilian hospital.
An employee of Albert Einstein Hospital in Sao Paolo has uploaded a spreadsheet containing usernames, passwords, and access keys to sensitive government systems on GitHub.
The spreadsheet contained the login credentials for several systems, including the E-SUS-VE and Sivep-Gripe applications that are used to manage data on COVID-19 patients.
The archive includes data belonging to government representatives, including Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors.
The exposed data includes patient names, addresses, ID information, but also healthcare records such as medical history and medication regimes.
The data leak was discovered by a GitHub user who found the spreadsheet containing the credentials on the GitHub account associated with the hospital employee.
The user shared his discovery with the Brazilian newspaper Estadao, which notified the Brazilian Ministry of Health and the hospital.
The spreadsheet was promptly removed from GitHub and the passwords and the access keys for the systems were changed.
(SecurityAffairs – hacking, COVID-19)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.