Personal details of millions of citizens registered in the Brazilian healthcare system have been exposed in a new blunder relating to data management and security involving the country's Ministry of Health (MoH).
The most recent incident entails the exposure of details such as names, addresses and telephone numbers, as well as taxpayer registration numbers belonging to approximately 243 million Brazilians. The number is greater than the current population size of 212 million because the leak also included information about deceased citizens.
The leak was first reported by Brazilian newspaper O Estado de São Paulo in an article published last Wednesday (2). According to the article, login and password details to ministerial systems had been openly published online. One of the systems in question, e-SUS Notifica, handles the registration of suspected and confirmed Covid-19 cases, developed in partnership by technology company Zello.
After the problem was exposed, the supplier and the MoH found there was a vulnerability in the integration between the ministerial back-end systems and the system front-end, according to a statement issued by Zello, which noted that the vulnerability was patched by the ministry as soon as the Estado article was published.
The latest leak relating to Brazil's Ministry of Health follows another security incident, also reported by O Estado de São Paulo four days earlier,[1] relating to the exposure of personal details of millions of Brazilians who tested positive for Covid-19 after passwords to systems maintained by the MoH were openly published online.
The Brazilian Institute for Consumer Rights (IDEC) filed a request with the Brazilian Prosecution Service to launch an investigation into the first incident, relating to the ministry's partnership with the hospital: "Once again we are faced with serious security flaws that may have caused damage