![[Weekly funding roundup May 24-30] Capital inflow continues to remain steady](https://images.yourstory.com/cs/2/220356402d6d11e9aa979329348d4c3e/Weekly-funding-1741961216560.jpg)
World’s largest healthcare cooperative leaks millions of patient-doctor messages
Experts warn Unimed kept an open database with chat logs exposed to the wider internet.
- Cybernews finds major database containing chat logs unsecured online
- The archive belongs to one of the biggest healthcare cooperatives, Unimed
- There is no evidence of prior abuse, it was said, but users should be on their guard
One of the world’s biggest healthcare cooperatives kept an open database with “millions of patient-doctor messages”, along with plenty of sensitive healthcare information, documents, images, and more.
Cybersecurity researchers from Cybernews found an exposed Kafka instance, and attributed it to Unimed.
Subsequent investigation determined the logs were generated when patients talked to Sara, Unimed’s AI-powered chatbot, as well as human doctors.
Images, PII, and more
Cybernews said its researchers were able to intercept more than 140,000 messages sent via the company’s chat feature but, based on the logs of the leaking instance, “at least 14 million” messages could have been sent this way.
“The leak is very sensitive as it exposed confidential medical information. Attackers could exploit the leaked details for discrimination and targeted hate crimes, as well as more standard cybercrime such as identity theft, medical and financial fraud, phishing, and scams,” the researchers said.
The information exposed this way includes people’s uploaded pictures and documents, sent messages, full names, phone numbers, email addresses, and Unimed card numbers.
While sifting through millions of messages could feel like a daunting task, feeding the archive into a Large Language Model (LLM) significantly simplifies the process. Threat actors could build detailed patient profiles with the help of AI, and use them to draft authentic, personalized phishing lures.
Luckily enough, after being notified about the issue, Unimed locked the instance down.
It claims that no one discovered it before Cybernews, and that no harm came of it: “Unimed do Brasil informs that it has investigated an isolated incident, identified in March 2025, and promptly resolved, with no evidence, so far, of any leakage of sensitive data from clients, cooperative physicians, or healthcare professionals,” the notification email reads. “An in-depth investigation remains ongoing.”
A healthcare cooperative is a member-owned, nonprofit organization that provides or facilitates access to healthcare services for its members.
You might also like
- This ancient browser security flaw affecting Safari, Chrome and Firefox is finally being fixed
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
