Records of 16 million Brazilian Covid-19 patients leaked

16 million Brazilian Covid-19 patients have had their records leaked this month. The spreadsheet with names, passwords and access keys to government systems were found on GitHub.

A hospital employee is said to have put the spreadsheet up on the website.

Such government databases as E-SUS-VE and Sivep-Gripe which stored Covid-19 patients’ details got the credentials to them breached.

Among the exposed information there are names, addresses, ID details, medical records, including health checkup history and prescriptions.

The leak was spotted accidentally when a GitHub user noticed the account credentials of an employee working at Albert Einstein Hospital.

According to the Intertrust, 85% of apps which track down Covid-19 contacts, get leaked.

As soon as the local newspaper Estadao was notified by the user, the hospital was alerted to the incident.

Patients from 27 states in Brazil appeared to have their data listed in the spreadsheet, which also comprised the details of the president’s family, government ministers and state governors.

The passwords have been changed and access keys – revoked since the leak was discovered.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.