icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
27 Nov, 2020 13:34

Medical records of Brazilian PRESIDENT among 16 million Covid-19 patients EXPOSED after passwords published online – report

Medical records of Brazilian PRESIDENT among 16 million Covid-19 patients EXPOSED after passwords published online – report

Personal data of some 16 million Brazilians, including their medical records, was reportedly left exposed for almost a month after a data scientist published passwords for government Covid-19 databases.

A Brazilian newspaper reported that it managed to access the medical records of President Jair Bolsonaro, his family members, seven ministers, including Health Minister Eduardo Pazuello, 17 governors and other high profile figures.

The records were stored in two databases listing people with suspected or confirmed Covid-19 infections and those admitted to hospitals for treatment, the newspaper Estadao said. There were entries for some 16 million Brazilians in them, and they contained some highly sensitive information, including personal details, pre-existing conditions like cancer or HIV, prescribed drugs or even which hospital floor a patient could have been found.

Also on rt.com Brazil allows resumption of Chinese vaccine trial after brief suspension over study subject’s suicide

This trove was exposed by a single data scientist, who published a list of logins and passwords necessary to access the databases on his personal page on the computer code repository GitHub. The newspaper said it was tipped off about the existence of the breach and verified the authenticity of the access credentials. The passwords were leaked on October 28 and removed only after Estado started digging into the security breach.

The person responsible for the leak was identified as an employee of the Albert Einstein Hospital in the city of Sao Paulo. He told the newspaper he uploaded the spreadsheet while working on a computer modeling project and forgot to remove it. The passwords have since been changed by the authorities.

Also on rt.com Move along, nothing to see here: Australian government insists ‘incidental’ collection of COVIDSafe data didn’t violate privacy

The health ministry and the hospital promised a thorough investigation into the leak, but said it apparently happened due to a human error rather than a design flaw in their systems. It was not immediately clear why such sensitive databases seem to be protected only by passwords and didn't use some form of multiple-factor verification. More robust systems require additional information before giving users access, for example, a short code texted to a person's phone when they attempt to log in.

If you like this story, share it with a friend!

Podcasts
0:00
13:44
0:00
25:44