Normally data leaks are the work of hackers however this was not the case when 16m Brazilian Covid-19 sufferers not too long ago had their private and well being data leaked on-line.
Towards all protocols and insurance policies, a Brazilian hospital worker determined to add a spreadsheet with usernames, passwords and entry keys to delicate authorities programs on the developer web site GitHub.
Of the programs uncovered within the spreadsheet, there have been two authorities databases referred to as E-SUS-VE and Sivep-Gripe which can be used to retailer information on Covid-19 sufferers.
Whereas E-SUS-VE is used for recording sufferers with gentle signs, Sivep-Gripe is used to trace those that have been hospitalized because of the virus. Nevertheless, each databases contained delicate particulars together with affected person names, addresses, ID data and healthcare information.
Leaked affected person information
The latest information leak got here to gentle when a GitHub consumer found the spreadsheet on the non-public account of an Albert Einstein Hospital worker on the location. This consumer then notified the Brazilian newspaper Estadao which analyzed the information after which went on to inform each the the hospital within the metropolis of Sao Paolo and the Brazilian Ministry of Well being.
In accordance with a report by Estadao, information from Brazilians throughout 27 states was discovered within the two databases together with the non-public healthcare information of the nation’s president Jair Bolsonaro, his household, seven authorities ministers and 17 Brazilian governors.
The leaked spreadsheet was then taken down from GitHub whereas authorities officers modified passwords and revoked entry keys in order that nobody else might retrieve the delicate Covid-19 information.
Presently, it’s nonetheless unknown as to why the hospital worker determined to publish the spreadsheet on Github within the first place. Fortunately although, each databases have now been correctly secured.