• Fri. Feb 26th, 2021

16M COVID-19 Patients’ Records Exposed Online via Brazil’s Health Ministry


16M COVID-19 Patients’ Records Exposed Online.

The data of Brazil President Jair Bolsonaro was among the personal and health information of 16 million COVID-19 patients in the country that were exposed online. This did not result from a hack, but after a hospital employee shared on GitHub a spreadsheet of access keys various government systems including usernames and passwords. Also included by the leak are 17 provincial governors and seven ministers.

While the spreadsheet has already been removed from GitHub, government authorities already revoked access keys and changed their system passwords to avoid further compromise.

(Photo : Andressa Anholete/Getty Images)
BRASILIA, BRAZIL – NOVEMBER 19: Jair Bolsonaro, President of Brazil, reacts during Commemorates Brazilian Flag Day amidst the coronavirus (COVID-19) pandemic at the Planalto Palace on November 19, 2020 in Brasilia. Brazil has over 5.945,000 confirmed positive cases of Coronavirus and has over 167,455 deaths.

Brazil Health Ministry Password Leak.

According to ZDNet, the leak was first reported by Brazilian newspaper Estadao after a GitHub user spotted the leaked spreadsheet that was uploaded on the GitHub account of an Albert Einstein Hospital employee.  

The newspaper analyzed the data in the spreadsheet, which contains passwords to various sensitive government systems, before notifying the Sao Paolo hospital as well as the Brazilian Ministry of Health.

Among the exposed systems were Sivep-Gripe and E-SUS-VE, which are two government databases being used to store COVID-19 patients credentials. The Sivep-Gripe system is being used to keep track of hospitalized cases while the E-SUS-VE database is for recording COVID-19 patients having mild symptoms.

According to Estadao report, health information and personal data of 16 million Brazilians across 27 states stored in these two databases have been exposed for a month in GitHub’s website. These details include names, addresses, telephone numbers, individual taxpayer’s ID as well as their pre-existing medical conditions, medication regimes, and medical history.


Global health and medical app security issues.

The security breach is not unique to Brazil as other countries also had leaks and vulnerabilities in their COVID-19 systems and apps. These include those used in Wales, Germany, India, and New Zealand.

In September, a study published by Intertrust analyzed 100 iOS and Android medical and healthcare apps being used by healthcare organizations across the globe. This showed that 71% of these apps show at least one high security vulnerability, which can readily exploit and result in significant loss or damage. Also, 91% of medical apps have weak or mishandled encryption, making them at high risk of intellectual property theft and data exposure.

It also shows that 28% of iOS apps and 34% of Android apps are susceptible to extraction of encryption key while about 85% of contact tracing apps for COVID-19 can leak data. Moreover, the study also found that majority of health apps have multiple security issues linked to data storage.

Intertrust Chief Technology Officer and General Manager of the Secure Systems product group Bill Horne said the healthcare and medical sectors already had history of security vulnerabilities. “The good news is that application protection strategies and technologies can help healthcare organizations bring the security of their apps up to speed,” Horne noted adding that  there are still a lot of work to be done to strengthen the data security.


Addressing Cybersecurity amid pandemic.

Since cybersecurity issues are not limited to the medical sector, governments must ensure they are capable of preventing the risk of any threat and mitigating its effect. Here are three ways governments can address data leaks and security breaches.


Strengthen awareness campaigns.

Educating people and increasing awareness at all levels and ages can highly reduce the risk of getting screwed up online. It is best to have unified awareness programs between the private sectors and governments.


Adjust national frameworks.

Nations should be more vigilant and responsive in developing and updating national cybersecurity measures as well as regulatory and legal framework towards the cyberspace. 


Boost international cooperation.

Cybersecurity is not a local issue, but a global threat to all individuals and entities. While information sharing already increased since the start of the pandemic, such trend should be maintained across all cyber-related issues.


 9,739 total views,  2 views today

Leave a Reply

Your email address will not be published. Required fields are marked *

You have successfully subscribed to the weekly riSec newsletter

There was an error while trying to send your request. Please try again.

riSec will use the information supplied to send out our weekly newsletter. We will never share your supplied details with 3rd partys; we encourage users to use an alias where possible on the internet. You are subscribing to our weekly newsletter which will feature highlights of our posts, top security news and much more.