Millions of coronavirus patients have data leaked online

(Image credit: Folding@Home / Alissa Eckert, MS; Dan Higgins, MAM)

Usually data leaks are the work of hackers but this was not the case when 16m Brazilian Covid-19 patients recently had their personal and health information leaked online.

Against all protocols and policies, a Brazilian hospital employee decided to upload a spreadsheet with usernames, passwords and access keys to sensitive government systems on the developer website GitHub.

Of the systems exposed in the spreadsheet, there were two government databases called E-SUS-VE and Sivep-Gripe that are used to store data on Covid-19 patients. 

While E-SUS-VE is used for recording patients with mild symptoms, Sivep-Gripe is used to track those who have been hospitalized as a result of the virus. However, both databases contained sensitive details including patient names, addresses, ID information and healthcare records.

Leaked patient data

The recent data leak came to light when a GitHub user discovered the spreadsheet on the personal account of an Albert Einstein Hospital employee on the site. This user then notified the Brazilian newspaper Estadao which analyzed the data and then went on to notify both the the hospital in the city of Sao Paolo and the Brazilian Ministry of Health.

According to a report by Estadao, data from Brazilians across 27 states was found in the two databases including the personal healthcare records of the country's president Jair Bolsonaro, his family, seven government ministers and 17 Brazilian governors.

The leaked spreadsheet was then taken down from GitHub while government officials changed passwords and revoked access keys so that no one else could retrieve the sensitive Covid-19 data.

At this time, it is still unknown as to why the hospital employee decided to post the spreadsheet on Github in the first place. Thankfully though, both databases have now been properly secured.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.