Personal data and health information about 16 million Brazilian patients with COVID-19 were exposed to Internet, as a hospital employee uploaded to GitHub a spreadsheet containing usernames, passwords and access keys to sensitive government systems.
Among the exposed systems are E-SUS-VE and Sivep-Gripe, two government databases used for storage data patients with COVID-19.
E-SUS-VE was used to record patients with mild COVID-19 symptoms, while Sivep-Gripe was used to monitor hospitalization.
The two bases data they contained sensitive information, such as patient names, addresses, IDs, but also health records such as medical history and treatments.
The leak became known when a GitHub user spotted the spreadsheet with personal data patients on the personal GitHub account of a hospital employee Albert Einstein in the city of Sao Paulo.
The user updated the Brazilian newspaper Stay, which contacted the hospital and the Brazilian Ministry of Health.
According to Estadao, personal data 16 million Brazilian patients were in the two exposed databases. Among the individuals whose data were exposed are President Jair Bolsonaro, his family, seven government ministers and the governors of 17 regions of Brazil.
The spreadsheet was removed from GitHub, and government officials changed passwords and passwords to secure systems their.
In recent months, several governments have had problems with security of COVID-19-related applications and databases. For example, vulnerabilities have been identified in applications and COVID-19 systems used in Germany, Wales, New Zealand, India and elsewhere.