Leak exposes personal data for millions of Brazilian COVID-19 patients

Even the country's president had data exposed.

Sponsored Links

A medical worker is seen near a patient at the intensive care unit (ICU) of the Nossa Senhora da Conceicao hospital, during the coronavirus disease (COVID-19) outbreak, in Porto Alegre, Brazil, November 19, 2020. Picture taken November 19, 2020. REUTERS/Diego Vara
REUTERS/Diego Vara

Medical data breaches are serious as a rule, but an incident in Brazil may be particularly severe. According to ZDNet, Brazilian newspaper Estadao has learned that a Sao Paolo hospital worker uploaded a spreadsheet with login details for two government databases to GitHub, exposing personal data for millions of COVID-19 patients. The E-SUS-VE and Sivep-Gripe data sets included patients’ names, addresses, identification and medical histories.

The data included both mild cases as well as patients that needed hospitalization. The access even covered high-profile patients like President Jair Bolsonaro, his family, state governors and seven ministers.

The spreadsheet was pulled from GitHub as officials changed login details and revoked keys to prevent intruders from accessing the data. It’s not clear how many unauthorized people accessed the information.

An exposure like this could easily be dangerous. Patients face the risk of fraud and identity theft. It could be particularly problematic for hospitalized people who might not even have an opportunity to respond to any theft. Criminals could effectively take advantage of patients at their most vulnerable.

It’s also a reminder that healthcare info security doesn’t just involve protecting against hacks. It also involves ensuring that staff handle data responsibly. It only takes one mistake or rogue employee to leak massive amounts of sensitive information, and Brazil is discovering the consequences of these oversights first-hand.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget