Thousands of VNC Servers Exposed Without Passwords

COVID-19 data of about 16 million Brazilian patients exposed online after a hospital employee leaked the credentials to government databases online. The exposed sheet contains passwords and access keys to two government databases, which store the health information of Brazilians including their past medical history.

COVID-19 Data of Brazilians Exposed

COVID-19 Patient Data of About 16 Million Brazilians Exposed Online

What’s turning more difficult than handling the COVID-19 is securing the data of its patients. While many government agencies and medical facilities with poor security standards are falling prey to hackers, some are inadvertently exposing the database of patients’ data.

One such incident happened in Brazil, that exposed about 16 million COVID-19 patients’ data. This was discovered by a GitHub user, who spotted a spreadsheet belonging to an employee of Albert Einstein Hospital in Sao Paolo. The spreadsheet was uploaded to his personal GitHub account, which contained usernames, passwords, and access keys to systems.

The databases, E-SUS-VE and Sivep-Gripe were used for storing COVID-19 patients. While E-SUS-VE was used for recording COVID-19 patients with mild symptoms, the Sivep-Gripe was used to keep track of hospitalized patients.

Both of these are said to be containing about 16 million records, that have details like patient names, their addresses, IDs, and also their medical history and medication regimes.

He soon reported this to Estadao, a Brazilian newspaper that scrutinized the data and informed the Brazilian Health Ministry and the concerned hospital.

While the spreadsheet was removed eventually, the access keys to systems and passwords to databases were revoked.

Yet, the database leaked was said to be having details of Brazilians across all 27 states, including the president’s Jair Bolsonaro, seven government ministers, and the governors of 17 Brazilian states.

LEAVE A REPLY

Please enter your comment!
Please enter your name here