Recommended reading

World’s largest healthcare cooperative leaks millions of patient-doctor messages

News
By published

Unimed kept an open database with patient chat logs

Data leak
(Image credit: Shutterstock)
  • Cybernews finds major database containing chat logs unsecured online
  • The archive belongs to one of the biggest healthcare cooperatives, Unimed
  • There is no evidence of prior abuse, it was said, but users should be on their guard

One of the world’s biggest healthcare cooperatives kept an open database with “millions of patient-doctor messages”, along with plenty of sensitive healthcare information, documents, images, and more.

Cybersecurity researchers from Cybernews found an exposed Kafka instance, and attributed it to Unimed.

Subsequent investigation determined the logs were generated when patients talked to Sara, Unimed’s AI-powered chatbot, as well as human doctors.

Images, PII, and more

Cybernews said its researchers were able to intercept more than 140,000 messages sent via the company’s chat feature but, based on the logs of the leaking instance, “at least 14 million” messages could have been sent this way.

“The leak is very sensitive as it exposed confidential medical information. Attackers could exploit the leaked details for discrimination and targeted hate crimes, as well as more standard cybercrime such as identity theft, medical and financial fraud, phishing, and scams,” the researchers said.

The information exposed this way includes people’s uploaded pictures and documents, sent messages, full names, phone numbers, email addresses, and Unimed card numbers.

While sifting through millions of messages could feel like a daunting task, feeding the archive into a Large Language Model (LLM) significantly simplifies the process. Threat actors could build detailed patient profiles with the help of AI, and use them to draft authentic, personalized phishing lures.

Luckily enough, after being notified about the issue, Unimed locked the instance down.

It claims that no one discovered it before Cybernews, and that no harm came of it: “Unimed do Brasil informs that it has investigated an isolated incident, identified in March 2025, and promptly resolved, with no evidence, so far, of any leakage of sensitive data from clients, cooperative physicians, or healthcare professionals,” the notification email reads. “An in-depth investigation remains ongoing.”

A healthcare cooperative is a member-owned, nonprofit organization that provides or facilitates access to healthcare services for its members.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.