Thursday, March 28, 2024

16M COVID-19 Patients’ Records Exposed Online via Brazil’s Health Ministry

The data of Brazilian President Jair Bolsonaro was among the personal and health information of 16 million COVID-19 patients in the country that was exposed online. The exposure did not result from a hack: a hospital employee shared on GitHub a spreadsheet of access keys to various government systems, including usernames and passwords. Also affected by the leak are 17 provincial governors and seven ministers.

The spreadsheet has since been removed from GitHub, and government authorities have revoked the access keys and changed their system passwords to avoid further compromise.

(Photo : Andressa Anholete/Getty Images)
BRASILIA, BRAZIL – NOVEMBER 19: Jair Bolsonaro, President of Brazil, reacts during a ceremony commemorating Brazilian Flag Day amidst the coronavirus (COVID-19) pandemic at the Planalto Palace on November 19, 2020 in Brasilia. Brazil has over 5,945,000 confirmed positive cases of coronavirus and over 167,455 deaths.

Brazil Health Ministry Password Leak

According to ZDNet, the leak was first reported by the Brazilian newspaper Estadao after a GitHub user spotted the spreadsheet, which had been uploaded to the GitHub account of an Albert Einstein Hospital employee.

The newspaper analyzed the data in the spreadsheet, which contains passwords to various sensitive government systems, before notifying the Sao Paulo hospital as well as the Brazilian Ministry of Health.

Among the exposed systems were Sivep-Gripe and E-SUS-VE, two government databases used to store COVID-19 patient data. The Sivep-Gripe system is used to keep track of hospitalized cases, while the E-SUS-VE database records COVID-19 patients with mild symptoms.

According to the Estadao report, health information and personal data of 16 million Brazilians across 27 states stored in these two databases were exposed for a month on GitHub’s website. These details include names, addresses, telephone numbers, and individual taxpayer IDs, as well as pre-existing medical conditions, medication regimes, and medical history.


Global health and medical app security issues

Such security breaches are not unique to Brazil, as other countries have also had leaks and vulnerabilities in their COVID-19 systems and apps. These include systems used in Wales, Germany, India, and New Zealand.

In September, a study published by Intertrust analyzed 100 iOS and Android medical and healthcare apps used by healthcare organizations across the globe. It found that 71% of these apps have at least one high-severity security vulnerability, one that can be readily exploited and result in significant loss or damage. Also, 91% of medical apps have weak or mishandled encryption, putting them at high risk of intellectual property theft and data exposure.

It also shows that 28% of iOS apps and 34% of Android apps are susceptible to encryption key extraction, while about 85% of COVID-19 contact tracing apps can leak data. Moreover, the study found that the majority of health apps have multiple security issues linked to data storage.

Intertrust Chief Technology Officer and General Manager of the Secure Systems product group Bill Horne said the healthcare and medical sectors already had a history of security vulnerabilities. “The good news is that application protection strategies and technologies can help healthcare organizations bring the security of their apps up to speed,” Horne noted, adding that there is still a lot of work to be done to strengthen data security.


Addressing Cybersecurity amid pandemic

Since cybersecurity issues are not limited to the medical sector, governments must ensure they are capable of preventing the risk of any threat and mitigating its effect. Here are three ways governments can address data leaks and security breaches.


Strengthen awareness campaigns

Educating people and increasing awareness at all levels and ages can greatly reduce the risk of getting screwed over online. It is best to have unified awareness programs between the private sector and governments.

Adjust national frameworks

Nations should be more vigilant and responsive in developing and updating national cybersecurity measures as well as regulatory and legal frameworks for cyberspace.


Boost international cooperation

Cybersecurity is not a local issue, but a global threat to all individuals and entities. While information sharing has increased since the start of the pandemic, that trend should be maintained across all cyber-related issues.


RiSec.Mitch
Just your average information security researcher from Delaware US.