Usually data leaks are the work of hackers but this was not the case when 16m Brazilian Covid-19 patients recently had their personal and health information leaked online.
Against all protocols and policies, a Brazilian hospital employee decided to upload a spreadsheet with usernames, passwords and access keys to sensitive government systems on the developer website GitHub.
Of the systems exposed in the spreadsheet, there were two government databases called E-SUS-VE and Sivep-Gripe that are used to store data on Covid-19 patients.
- We've put together a list of the best malware removal software available
- Keep your devices protected online with the best antivirus software
- Also check out our roundup of the best ransomware protection
While E-SUS-VE is used for recording patients with mild symptoms, Sivep-Gripe is used to track those who have been hospitalized as a result of the virus. However, both databases contained sensitive details including patient names, addresses, ID information and healthcare records.
Leaked patient data
The recent data leak came to light when a GitHub user discovered the spreadsheet on the personal account of an Albert Einstein Hospital employee on the site. This user then notified the Brazilian newspaper Estadao which analyzed the data and then went on to notify both the the hospital in the city of Sao Paolo and the Brazilian Ministry of Health.
According to a report by Estadao, data from Brazilians across 27 states was found in the two databases including the personal healthcare records of the country's president Jair Bolsonaro, his family, seven government ministers and 17 Brazilian governors.
The leaked spreadsheet was then taken down from GitHub while government officials changed passwords and revoked access keys so that no one else could retrieve the sensitive Covid-19 data.
At this time, it is still unknown as to why the hospital employee decided to post the spreadsheet on Github in the first place. Thankfully though, both databases have now been properly secured.
- We've also highlighted the best endpoint protection