Usually data leaks (opens in new tab) are the work of hackers but this was not the case when 16m Brazilian Covid-19 patients recently had their personal and health information leaked online.
Against all protocols and policies, a Brazilian hospital employee decided to upload a spreadsheet with usernames, passwords and access keys to sensitive government systems on the developer website GitHub (opens in new tab).
Of the systems exposed in the spreadsheet, there were two government databases called E-SUS-VE and Sivep-Gripe that are used to store data on Covid-19 patients.
- We've put together a list of the best malware removal (opens in new tab) software available
- Keep your devices protected online with the best antivirus (opens in new tab) software
- Also check out our roundup of the best ransomware protection (opens in new tab)
While E-SUS-VE is used for recording patients with mild symptoms, Sivep-Gripe is used to track those who have been hospitalized as a result of the virus. However, both databases contained sensitive details including patient names, addresses, ID information and healthcare records.
Leaked patient data
The recent data leak came to light when a GitHub user discovered the spreadsheet on the personal account of an Albert Einstein Hospital employee on the site. This user then notified the Brazilian newspaper Estadao which analyzed the data and then went on to notify both the the hospital in the city of Sao Paolo and the Brazilian Ministry of Health.
According to a report (opens in new tab) by Estadao, data from Brazilians across 27 states was found in the two databases including the personal healthcare records of the country's president Jair Bolsonaro, his family, seven government ministers and 17 Brazilian governors.
The leaked spreadsheet was then taken down from GitHub while government officials changed passwords and revoked access keys so that no one else could retrieve the sensitive Covid-19 data.
At this time, it is still unknown as to why the hospital employee decided to post the spreadsheet on Github in the first place. Thankfully though, both databases have now been properly secured.
- We've also highlighted the best endpoint protection (opens in new tab)
Via ZDNet (opens in new tab)