Unimed Data Leak Exposes 14 Million Patient Chats

Unimed, the world’s largest healthcare cooperative based in Brazil, exposed at least 14 million patient-doctor communications due to a misconfiguration in its data infrastructure, Cybernews reported. The breach occurred through an unsecured deployment of Apache Kafka, an open-source platform used for real-time data transmission.

The leaked data included conversations between patients and healthcare professionals, as well as interactions with Unimed’s chatbot, Sara. The exposed Kafka instance lacked basic security protocols, allowing unrestricted access to sensitive communications.

It remains unclear how long the data was publicly accessible or whether any malicious actors exploited the exposure before its discovery. The incident underscores ongoing concerns around cybersecurity hygiene, particularly in critical sectors like healthcare where sensitive personal information is routinely processed.

Unimed has not publicly commented on the breach, and no official disclosure has been made regarding potential impacts. The situation highlights risks associated with misconfigured open-source technologies in digital health platforms.