In Brazil, data of 16 million patients with COVID-19 got public

ZDNet reports that personal and medical data of 16,000,000 Brazilian patients treated for COVID-19 were made public due to an error of a hospital employee.

The employee accidentally uploaded a spreadsheet to GitHub with usernames, passwords, and access keys to sensitive government systems.

“Among the systems whose credentials were accidentally leaked to GitHub were E-SUS-VE and Sivep-Gripe, two government databases used to store data on COVID-19 patients”, – according to journalists ZDNet.

So, the E-SUS-VE database is used to register patients with mild symptoms of coronavirus, and Sivep-Gripe is used to track more complex cases, which required hospitalization.

Both databases contained sensitive data, including patient names, addresses, ID details, and medical records, including medical records and medication regimens.

The leak was discovered by accident when an unnamed GitHub user noticed a spreadsheet with passwords in the personal GitHub account of an employee of the Albert Einstein Hospital in São Paulo. This user notified the Brazilian newspaper Estadao of his find, which examined the data and then reported the leak to the Brazilian Ministry of Health and the management of the medical institution.

Estadao journalists write that the found databases contained data from millions of Brazilians from 27 states.

“Among other things, people such as President Jair Bolsonaro, the president’s family, seven ministers and governors of 17 states were discovered”, — says Estadao.

As a result, the leak was removed from GitHub, and government officials changed passwords and revoked access keys to secure their systems.

ZDNet notes that vulnerabilities and data leaks have already been found in other COVID-19 monitoring applications and systems, including in Germany, Wales, New Zealand, India and other countries.

Even worse, according to analysts at Intertrust, about 85% of COVID-19 contact tracing apps are somehow leaking.

Let me remind you that we also talked that the cybercriminals attacked COVID-19 vaccine developers in the UK. A Maze ransomware operators attacked Hammersmith Medicines Research (HMR), a medical research company, which is testing a possible vaccine for COVID-19.