Brazil’s Health Ministry Password Leak: President Bolsonaro and 16M COVID-19 Patients’ Records Exposed Online

The data of Brazil President Jair Bolsonaro was among the personal and health information of 16 million COVID-19 patients in the country that were exposed online. This did not result from a hack, but after a hospital employee shared on GitHub a spreadsheet of access keys various government systems including usernames and passwords. Also included by the leak are 17 provincial governors and seven ministers.

While the spreadsheet has already been removed from GitHub, government authorities already revoked access keys and changed their system passwords to avoid further compromise.

Bolsonaro Commemorates Brazilian Flag Day at Planato Palace
BRASILIA, BRAZIL - NOVEMBER 19: Jair Bolsonaro, President of Brazil, reacts during Commemorates Brazilian Flag Day amidst the coronavirus (COVID-19) pandemic at the Planalto Palace on November 19, 2020 in Brasilia. Brazil has over 5.945,000 confirmed positive cases of Coronavirus and has over 167,455 deaths. Andressa Anholete/Getty Images

Brazil Health Ministry Password Leak

According to ZDNet, the leak was first reported by Brazilian newspaper Estadao after a GitHub user spotted the leaked spreadsheet that was uploaded on the GitHub account of an Albert Einstein Hospital employee.

The newspaper analyzed the data in the spreadsheet, which contains passwords to various sensitive government systems, before notifying the Sao Paolo hospital as well as the Brazilian Ministry of Health.

Among the exposed systems were Sivep-Gripe and E-SUS-VE, which are two government databases being used to store COVID-19 patients credentials. The Sivep-Gripe system is being used to keep track of hospitalized cases while the E-SUS-VE database is for recording COVID-19 patients having mild symptoms.

According to Estadao report, health information and personal data of 16 million Brazilians across 27 states stored in these two databases have been exposed for a month in GitHub's website. These details include names, addresses, telephone numbers, individual taxpayer's ID as well as their pre-existing medical conditions, medication regimes, and medical history.

Coronavirus Cases Surge In The Rio de Janeiro Metropolitan Region Of Sao Goncalo
SÃO GONCALO, BRAZIL - NOVEMBER 25: Huge queues form in search of quick tests for COVID-19 at Hospital Franciscano Nossa Senhora das Graças, in Lagoinhaa on November 25, 2020 in São Gonçalo, Brazil. The Metropolitan Region of São Gonçalo in Rio de Janeiro, increase in cases of COVID-19, with beds reaching 100% of ocupation. The population is under test in the screening centers spreading throughout the city. Luis Alvarenga/Getty Images

Meanwhile, high profile personalities affected by the leak include Brazilian president Bolsonaro and his family, both congressional houses' heads, seven government ministers as well as governors of 17 Brazilian states.

Global health and medical app security issues

The security breach is not unique to Brazil as other countries also had leaks and vulnerabilities in their COVID-19 systems and apps. These include those used in Wales, Germany, India, and New Zealand.

In September, a study published by Intertrust analyzed 100 iOS and Android medical and healthcare apps being used by healthcare organizations across the globe. This showed that 71% of these apps show at least one high security vulnerability, which can readily exploit and result in significant loss or damage. Also, 91% of medical apps have weak or mishandled encryption, making them at high risk of intellectual property theft and data exposure.

It also shows that 28% of iOS apps and 34% of Android apps are susceptible to extraction of encryption key while about 85% of contact tracing apps for COVID-19 can leak data. Moreover, the study also found that majority of health apps have multiple security issues linked to data storage.

Intertrust Chief Technology Officer and General Manager of the Secure Systems product group Bill Horne said the healthcare and medical sectors already had history of security vulnerabilities. "The good news is that application protection strategies and technologies can help healthcare organizations bring the security of their apps up to speed," Horne noted adding that there are still a lot of work to be done to strengthen the data security.

Addressing Cybersecurity amid pandemic

Since cybersecurity issues are not limited to the medical sector, governments must ensure they are capable of preventing the risk of any threat and mitigating its effect. Here are three ways governments can address data leaks and security breaches

Strengthen awareness campaigns

Educating people and increasing awareness at all levels and ages can highly reduce the risk of getting screwed up online. It is best to have unified awareness programs between the private sectors and governments.

Adjust national frameworks

Nations should be more vigilant and responsive in developing and updating national cybersecurity measures as well as regulatory and legal framework towards the cyberspace.

Boost international cooperation

Cybersecurity is not a local issue, but a global threat to all individuals and entities. While information sharing already increased since the start of the pandemic, such trend should be maintained across all cyber-related issues.

This is owned by Tech Times

Written by CJ Robles

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics