Spreadsheets that contains private details of hundreds of COVID-19 patients from Moscow, Russia, have been published online and the Russian government has confirmed the leak.
A government official said that an internal inquiry found a mistake had been made and that it was not the work of any hackers.
Leaked details of COVID-19 patients
The news site that revealed the leak, Readovka, stated that the files show official statistics may have under-reported the real number of coronavirus cases. It says on the files that there are 300,000 names that are listed, alongside the diagnoses and the test results.
Home addresses, telephone numbers, medical insurance numbers and even passport details were also shown alongside other personal information.
A news network led by Radio Liberty, Current Time, together with Voice of America, has also carried out checks of its own on the data to confirm that the details matches those of real COVID-19 patients.
Human error
According to Tass, a Russian news agency, around 660,073 cases of the coronavirus have officially been detected in Moscow. However, the files show only a subset of these numbers.
Eduard Lysenko, the head of Moscow Department of Information Technologies, said that during the checks, they have established that there has been no violation of the information system of the Moscow city government.
Lysenko added that the leak happened due to human error as members of staff who were processing the documents had allowed for the files to be passed on to third persons. He added that measures would follow, in which some local reports have taken to mean that there could be criminal prosecutions.
Russia's personal data
Tass also reported 362 Excel files involving around 940MB of data had been uploaded, with some running to more than 100,000 lines.
This issue with Russia came a week after it was revealed that the personal information of everyone who had ever registered with Brazil's publicly-funded healthcare system had been put at risk by a password being left in the code of the government's COVID-19 notification system by accident.
According to Saude, more than 200 million living and dead people's names, addresses and other personal details could have been opened and accessed as a consequence of the error. Even the personal data of Brazil's president, Jair Bolsonaro, was included in the list.
The government in Brazil has said that the issue has already been fixed.
This kind of exposure is very dangerous and patients can face the risk of fraud and identity theft that could leave them helpless for years. It could also be problematic for hospitalized people who might not have the opportunity it immediately respond to any theft or fraud. Criminals could take advantage of the patients while they are at their most vulnerable state.
It also serves as a reminder that healthcare information security does not just involve protecting the information against hacks, but it also involves ensuring that the staff can handle the data responsibly. All it can take is just one mistake to leak massive amounts of personal and sensitive information.
This article is owned by Tech Times
Written by Sieeka Khan