Sensitive information of over 16 million Brazilian COVID-19 patients was exposed online this month when a hospital employee uploaded to GitHub a spreadsheet containing usernames, passwords, and access keys for sensitive government systems.
Among the systems whose credentials were exposed were E-SUS-VE and Sivep-Gripe, the two government databases used to store data on COVID-19 patients.
While E-SUS-VE was used for recording details of COVID-19 patients with mild symptoms, Sivep-Gripe was used to keep track of hospitalized cases.
The two databases contained patient information such as names, addresses, ID information, and also healthcare details such as medical history and medication regimes.
The data leak was revealed when a GitHub user found the spreadsheet containing the passwords on the personal GitHub account of an employee of the Albert Einstein Hospital in the city of São Paulo.
The user then notified Brazilian newspaper Estadao, which analyzed the data and notified the hospital and the Brazilian Ministry of Health.
According to Estadao reporters, the two databases included data on Brazilians across all 27 states, including high-profile figures such as the country’s president Jair Bolsonaro, the president’s family, seven government ministers, and the governors of 17 Brazilian states.
The spreadsheet was eventually removed from GitHub, and government officials changed passwords and revoked access keys to re-secure their systems.
Since the arrival of the COVID-19 pandemic, several governments and government contractors have faced issues securing their COVID-19-related apps and databases.