Personal data including the medical history of about 16 million Brazilians were exposed online after a hospital employee exposed the database credentials. It was initially seen by a GitHub user, who spotted a spreadsheet containing credentials and access keys to the government databases, before being taken down and revoking them.
Over 16 Million Patient Data Exposed
Securing a database is important, and many people ignore it by following weak security protocols. Though some secure it, they often share the credentials to someone else on purpose, who in return expose it inadvertently in some way – just like a Brazilian hospital employee did!
As per reports, an employee belonging to Albert Einstein Hospital in Sao Paolo has uploaded a spreadsheet to his personal GitHub account, which contained usernames, passwords, and access keys to government systems and databases, namely E-SUS-VE and Sivep-Gripe.
While the E-SUS-VE was meant for storing the data of COVID-19 patients with mild symptoms, the Sivep-Gripe stores data for tracking the hospitalized patients. These two databases have a combined total of 16 million records, which contains patient names, their addresses, IDs, and also their medical history and medication regimes.
This was spotted by a GitHub user initially and reported to a Brazilian newspaper called Estadao, who in turn verified the database and informed Albert Einstein Hospital and the Brazilian Health Ministry. The spreadsheet was pulled down after that, with passwords and access keys revoked for securing the databases.
It’s said that the exposed database has COVID-19 medical data of Jair Bolsonaro, Brazil’s President too, along with seven government ministers, and the governors of 17 Brazilian states.
Other Trending News:- News
