Over 16 million Brazilian COVID-19 patient’s personal data exposed online, including Brazil President Jair Bolsonaro, seven ministers, and 17 provincial governors.
COVID-19 — Patient’s Data
The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online.
After a hospital employee uploaded a spreadsheet leading to data disclosure, including Personal data such as CPF, address, telephone, pre-existing diseases, usernames, passwords, and access keys to sensitive government systems on GitHub this month.
Among the systems that had credentials exposed were two government databases E-SUS-VE and Sivep-Gripe.
E-SUS-VE — used for recording COVID-19 patients with mild symptoms, while, Sivep-Gripe — used to keep track of hospitalized cases.
Employee — Albert Einstein Hospital
It is not caused by a hacker attack, but was caused by an action by Wagner Santos, an employee of the Albert Einstein Hospital.
Wagner Santos, an employee of the Albert Einstein Hospital who had free access to the Ministry of Health’s databases. He worked on a partnership project with the portfolio and was based at the ministry headquarters.
Estadao reporters said that data for Brazilians across all 27 states including high profile figures in the database like:
- the country’s president Jair Bolsonaro,
- the president’s family,
- seven government ministers, and
- the governors of 17 Brazilian states.
“I published the password sheet on the GitHub platform to perform a test in the implementation of a model, but forgot to remove the file from the public page,” the employee confirmed.
The spreadsheet was ultimately removed from GitHub while government officials changed passwords and revoked access keys to resecure their systems.
Earlier this month, as a hacker attack — Microsoft says hackers from Russia and North Korea are attacking COVID-19 vaccine makers.