- Cybernews finds a major database containing chat records left unsecured online
- The archive belongs to one of the largest healthcare cooperatives, Unimed
- It was said that there is no evidence of prior abuse, but users should still be on their guard
One of the world’s largest health cooperatives maintained an open database with “millions of messages from patients with the patient”, along with a lot of confidential medical care information, documents, images and more.
Cybersecurity researchers at Cybernews found an exposed Kafka instance and attributed it to Unimed.
Subsequent research determined that the records were generated when patients spoke with Sara, the company's chatbot, as well as with human doctors.
Images, PII and more
Cybernews said that its researchers were able to intercept more than 140,000 messages sent through the company’s chat function, but, based on the records of the leaking instance, “at least 14 million” messages could have been sent in this way.
“The leak is very sensitive since it exposed confidential medical information. Attackers could exploit the leaked details for targeted discrimination and hate crimes, as well as more standard cybercrime, such as identity theft, medical and financial fraud, phishing and scams,” said the researchers.
The information exposed in this way includes images and documents uploaded by people, sent messages, full names, telephone numbers, email addresses and card numbers.
While examining millions of messages might seem a daunting task, feeding the archive to a large language model (LLM) significantly simplifies the process. Threat actors could build detailed profiles of patients with the help of AI and use them to write authentic-looking, personalized phishing lures.
Fortunately, after being notified about the problem, Unimed locked the instance down.
The company states that no one discovered it before Cybernews, and that no damage arose: “[Unimed] Brazil reports that it has investigated an isolated incident, identified in March 2025, and quickly resolved, without evidence, so far, of any leak of confidential data of customers, cooperative physicians or health professionals,” the notification email reads. “In-depth investigation is still ongoing.”
A healthcare cooperative is a member-owned non-profit organization that provides or facilitates access to healthcare services for its members.