Brazil-based Unimed, the largest healthcare cooperative worldwide, had at least 14 million patient conversations with doctors and with its chatbot "Sara" leaked by an unsecured instance of Apache Kafka, the open-source real-time data streaming platform, according to Cybernews.
Included in the exposed details were names, phone numbers, email addresses, uploaded pictures and documents, sent messages, and Unimed card numbers, reported Cybernews researchers, who noted that the misconfiguration, discovered in late March, was resolved by Unimed in early April. "The leak is very sensitive as it exposed confidential medical information. Attackers could exploit the leaked details for discrimination and targeted hate crimes, as well as more standard cybercrime such as identity theft, medical and financial fraud, phishing, and scams," said researchers. Researchers also called on Unimed to prevent future data leaks by restricting Kafka broker access. Aside from implementing IP whitelisting, Unimed should also activate Kafka's built-in authorization and authentication functionality, they added.
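As an added illustration of the hardening the researchers describe (example code written for this page, not configuration from Cybernews or Unimed), the constructed server.properties fragments below contrast an open PLAINTEXT broker with one that requires TLS plus SASL/SCRAM authentication and enforces ACLs, and a small audit function flags the risky settings; hostnames, keystore paths and principal names are assumed.

```shell
#!/bin/sh
# Constructed example of an exposed-broker configuration: an unauthenticated
# PLAINTEXT listener on every interface, no authorizer, and open-by-default ACLs.
WEAK_CONFIG='broker.id=1
listeners=PLAINTEXT://0.0.0.0:9092
advertised.listeners=PLAINTEXT://203.0.113.10:9092
allow.everyone.if.no.acl.found=true'

# Hardened counterpart (assumed hostnames, keystore paths and principal names).
# Network allow-listing of the broker port is done at the firewall, outside this file.
# Note: KRaft-mode clusters use org.apache.kafka.metadata.authorizer.StandardAuthorizer.
HARDENED_CONFIG='broker.id=1
listeners=SASL_SSL://0.0.0.0:9093
advertised.listeners=SASL_SSL://broker1.kafka.internal:9093
security.inter.broker.protocol=SASL_SSL
sasl.enabled.mechanisms=SCRAM-SHA-512
sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
ssl.keystore.location=/etc/kafka/ssl/broker1.keystore.jks
ssl.truststore.location=/etc/kafka/ssl/truststore.jks
ssl.client.auth=required
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
allow.everyone.if.no.acl.found=false
super.users=User:kafka-admin'

# audit_kafka_config: reads a server.properties on stdin, prints one line per
# finding, and returns 1 if anything fired (0 when clean). Comments are ignored.
audit_kafka_config() {
  findings=0
  cfg=$(grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$')
  if printf '%s\n' "$cfg" | grep -Eq '^listeners=.*PLAINTEXT://'; then
    echo "FINDING: PLAINTEXT listener (no encryption, no client authentication)"; findings=1
  fi
  if ! printf '%s\n' "$cfg" | grep -q '^authorizer.class.name='; then
    echo "FINDING: no authorizer configured, so topic ACLs are never enforced"; findings=1
  fi
  if printf '%s\n' "$cfg" | grep -q '^allow.everyone.if.no.acl.found=true'; then
    echo "FINDING: allow.everyone.if.no.acl.found=true (open unless an ACL exists)"; findings=1
  fi
  if ! printf '%s\n' "$cfg" | grep -q '^sasl.enabled.mechanisms='; then
    echo "FINDING: no SASL mechanism enabled (clients are not authenticated)"; findings=1
  fi
  return $findings
}

# Run both configs through the audit; weak reports four findings, hardened none.
if printf '%s\n' "$WEAK_CONFIG" | audit_kafka_config; then echo "weak: clean"; else echo "weak: needs fixing"; fi
if printf '%s\n' "$HARDENED_CONFIG" | audit_kafka_config; then echo "hardened: clean"; else echo "hardened: needs fixing"; fi
```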