
TASY Hospital Information System - Critical Patient Data Risk

Date: 2026-02-27 Classification: CRITICAL SECURITY INCIDENT Scope: TASY HIS instances at Rede D'Or hospital network


Executive Summary

TASY Hospital Information System (HIS) is a critical healthcare application managing patient medical records across the Rede D'Or hospital network. The production instance at the Jutta Batista hospital authenticates users through Azure AD (MSAL SSO), and the client secret of its Azure AD app registration was found exposed. Whoever holds that secret can authenticate to Azure AD as the TASY service principal, a direct risk to patient data confidentiality.

CRITICAL FINDING: Active Azure AD client secret on the TASY production app registration:
- App ID: b3a95d25-d382-4a72-bcca-975ac0b388d0
- Secret hint: SxZ
- Expiry: 2027-12-11 (still valid as of this report, with about 21 months of validity remaining; the secret's age cannot be read off the expiry date and is unknown, see Secret Exposure Timeline)
- URL: https://hisjuttabatista.rededor.com.br/


TASY Applications Inventory

TASY Production - Jutta Batista Hospital

{
  "app_id": "b3a95d25-d382-4a72-bcca-975ac0b388d0",
  "name": "TASY-NACIONAL-JUTTA-BATISTA-PRD",
  "url": "https://hisjuttabatista.rededor.com.br/",
  "environment": "PRODUCTION",
  "hospital": "Jutta Batista (Rede D'Or São Luiz network)",
  "auth_type": "MSAL (Azure AD) SSO",
  "active_secrets": 1,
  "secret_hint": "SxZ",
  "expiry_date": "2027-12-11",
  "data_classification": "PHI/PII - Protected Health Information",
  "system_type": "Hospital Information System (HIS)",
  "patient_data_types": [
    "Patient demographics (name, DOB, CPF taxpayer ID)",
    "Medical diagnoses and treatment history",
    "Laboratory results",
    "Imaging reports (X-rays, CT, MRI, Ultrasound)",
    "Pharmacy and medication records",
    "Surgical records and anesthesia notes",
    "Vital signs and clinical observations",
    "Allergies and adverse reactions",
    "Insurance and billing information"
  ],
  "estimated_patients": "Thousands of patients (hospital network)",
  "regulatory_context": "HIPAA equivalent (Brazil - LGPD - Lei Geral de Proteção de Dados)"
}

TASY Homologação (Test) - AWS Hosted

{
  "app_id": "204da288-210a-4aee-a4c0-4c40cc86a325",
  "name": "TASY-NACIONAL-AWS2-HML",
  "url": "https://html5-sp-hml-tasycloud02.rededor.com.br",
  "environment": "HML (Homologação/Testing)",
  "infrastructure": "AWS - sa-east-1 region",
  "active_secrets": 1,
  "secret_hint": "1UT",
  "expiry_date": "2027-08-21",
  "risk_note": "Test environment may contain production data snapshots"
}

Attack Scenarios

Scenario 1: Direct Hospital System Access

Attacker Profile: Credential holder (compromised Azure AD secret)

Attack Flow:

1. Attacker obtains the TASY-NACIONAL-JUTTA-BATISTA-PRD client secret (hint: SxZ)
2. Requests tokens from Azure AD for app ID b3a95d25-d382-4a72-bcca-975ac0b388d0 with the client-credentials grant. The secret authenticates the service principal, not a named user, and what the resulting tokens can reach is bounded by the application permissions and app roles granted to this registration, which this audit did not enumerate
3. Where the TASY backend accepts app-only tokens, or the secret is used to redeem authorization codes in the MSAL SSO flow, the attacker reaches https://hisjuttabatista.rededor.com.br/ as the TASY service principal
4. Uses that access to query patient records through the application's own data path
5. Exports sensitive medical records
6. Exfiltrates patient PII (names, CPF, diagnoses)

Impact:
- Access to patient records at Jutta Batista hospital, up to the limit of the service principal's permissions
- LGPD violation (Brazil's data protection law)
- Foothold for lateral movement within the hospital network
- Administrative sanctions under LGPD (fines, suspension of processing) and civil liability for damage to patients

Scenario 2: Healthcare Business Associate Breach

Attacker Profile: Insider or compromised DevOps access

Attack Flow:

1. Obtain the TASY client secret from the rededorlabs Azure DevOps repository or pipeline where it was exposed
2. Modify patient appointment schedules
3. Tamper with HIS report output (PDF tampering) to deliver malware to staff who open the reports
4. Perform pharmacy reconciliation fraud
5. Alter recorded vital signs for specific patients
6. Disrupt hospital operations (denial of service)

Impact:
- Patient safety risk (altered medical records)
- Financial fraud (prescription tampering)
- Loss of patient trust
- Regulatory investigation and enforcement

Scenario 3: Lateral Movement to Hospital Network

Attacker Profile: External threat actor with Azure AD foothold

Attack Flow:

1. Start with the compromised Portal Dev secret (User.Read.All)
2. Enumerate hospital staff via the Graph API
3. Use the TASY secret to reach the HIS with whatever access the service principal carries (the secret does not confer a healthcare professional's identity)
4. Gain visibility of internal hospital network addressing from the application's configuration and responses
5. Discover database endpoints (the HML instance runs in AWS sa-east-1, so RDS endpoints are a likely target) and attempt direct database access
6. Move laterally to imaging systems (PACS)
7. Move laterally to pharmacy systems

Impact:
- Full hospital network compromise
- PACS (Picture Archiving and Communication System) breach
- Pharmacy system compromise
- Potential ransomware deployment


Data Flow & Risk Architecture

graph TD
    Attacker["Attacker / Compromised Account"]
    AzureAD["Azure AD Tenant<br/>03a1fb23-83f2-4fbf-81f9-e40d15b58719"]

    subgraph AzureApps["Azure AD Applications"]
        PortalDev["Portal Dev<br/>User.Read.All"]
        TasyApp["TASY-NACIONAL-JUTTA-BATISTA-PRD<br/>b3a95d25-d382-4a72<br/>Secret: SxZ"]
        TasyHML["TASY HML<br/>204da288-210a-4aee<br/>AWS Hosted"]
    end

    subgraph TasySystem["TASY Hospital Information System"]
        TasyFrontend["TASY Web UI<br/>hisjuttabatista.rededor.com.br"]
        TasyAuth["MSAL Authentication"]
        TasyDB["Hospital Database<br/>PostgreSQL/Oracle"]
    end

    subgraph PatientData["Patient Medical Records"]
        Demographics["Patient Demographics<br/>Names, CPF, DOB, Address"]
        Diagnoses["Diagnoses & Treatment<br/>Medical History"]
        Labs["Lab Results<br/>Blood Tests, Cultures"]
        Imaging["Medical Imaging<br/>X-rays, CT, MRI"]
        Pharmacy["Pharmacy Records<br/>Medications, Prescriptions"]
        Surgical["Surgical Records<br/>Operations, Anesthesia"]
    end

    subgraph HospitalNetwork["Rede D'Or Hospital Network"]
        JuttaBatista["Jutta Batista Hospital<br/>Primary Site"]
        PACS["PACS System<br/>Imaging Archive"]
        PharmacySys["Pharmacy System<br/>Dispensary Management"]
        RIS["RIS System<br/>Radiology Info"]
    end

    Attacker -->|Compromises| AzureAD
    AzureAD -->|Issues Token| TasyApp
    TasyApp -->|MSAL SSO| TasyAuth
    TasyAuth -->|Authenticates| TasyFrontend
    TasyFrontend -->|Queries| TasyDB

    TasyDB -->|Contains| Demographics
    TasyDB -->|Contains| Diagnoses
    TasyDB -->|Contains| Labs
    TasyDB -->|Contains| Imaging
    TasyDB -->|Contains| Pharmacy
    TasyDB -->|Contains| Surgical

    TasyFrontend -->|Integrated with| JuttaBatista
    JuttaBatista -->|Sends Data| PACS
    JuttaBatista -->|Sends Data| PharmacySys
    JuttaBatista -->|Sends Data| RIS

    PortalDev -->|User Enumeration| AzureAD
    PortalDev -->|Identifies Hospital Staff| HospitalNetwork

    style Attacker fill:#ff3333
    style TasyApp fill:#ff3333
    style TasyDB fill:#ff6666
    style PatientData fill:#ff9999
    style TasyAuth fill:#ff6666

Compliance & Regulatory Risk

LGPD (Lei Geral de Proteção de Dados) - Brazil

TASY patient data is sensitive personal data under LGPD, and the provisions most relevant to this finding are:

Articles at Risk:
- Article 5: definitions, including health data as sensitive personal data and the controller (Rede D'Or) and processor (the TASY vendor, where it processes on Rede D'Or's behalf) roles
- Article 6: processing principles, including security and prevention
- Article 7: legal bases for processing personal data (consent is one basis among several, not a blanket requirement)
- Article 11: processing of sensitive personal data, including health data, is limited to the hypotheses listed there
- Article 42: controller and processor liability for damage caused by the processing
- Article 46: obligation to adopt security measures that protect personal data from unauthorized access and from accidental or unlawful destruction, loss, alteration or disclosure

Potential Penalties (Article 52):
- Fine of up to 2% of the revenue of the legal entity or group in Brazil in its last fiscal year, capped at R$ 50 million per infraction (the cap is per infraction, not per affected patient)
- Daily fines, publicizing of the infraction, and blocking or deletion of the affected personal data
- Partial suspension of the database or of the processing activity and, in the most serious cases, partial or total prohibition of activities related to data processing (the provision behind the "hospital closure" concern; it is a processing ban, not a licence revocation)

HIPAA Equivalent Considerations

Although HIPAA does not apply in Brazil, the controls its Security Rule expects map directly onto what TASY must provide:
- Authentication and sign-in logging
- Record access auditing
- Encryption in transit and at rest
- Business associate agreements, which LGPD frames as controller/processor obligations
- Incident notification procedures

Patient Notification Obligations

Under LGPD Article 48 and the ANPD's incident-communication regulation (Resolution CD/ANPD 15/2024):
- The controller must notify the ANPD and the affected patients of a security incident that may cause significant risk or damage to data subjects
- The deadline is three business days from becoming aware of the incident (Article 48 itself only says "within a reasonable time"; the ANPD regulation fixed the period)
- The notification must describe the nature of the affected data, the data subjects involved, the technical and security measures in use, the risks, and the measures adopted or proposed
- The controller must be able to demonstrate the security measures required by Article 46


Secret Exposure Timeline

Current Status

Secret Created/Updated: Unknown (no git history available)
Current Age: Unknown. The expiry date does not reveal it: the Azure Portal issues client secrets with lifetimes from a few months up to 24 months, and the Graph API accepts an arbitrary endDateTime, so an expiry of 2027-12-11 is consistent with creation anywhere from days to two years before this report. Read startDateTime from the application's passwordCredentials to establish the real age.
Remaining Validity: about 21 months (until 2027-12-11)
Last Rotation: Unknown
Rotation Status: OVERDUE for healthcare best practices; a secret with this much remaining life is itself out of policy regardless of its age

Exposure Risk Assessment

If the secret was in a repository (as the findings indicate):
- Exposure window: unknown but potentially months
- Git history exposure: permanent (cloned repositories carry the full history, so rotation, not deletion from the repository, is the fix)
- Accessible to: anyone with repository access (rededorlabs Azure DevOps)
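To establish what the timeline above leaves unknown, the age of each secret, the following added example (not TASY, Rede D'Or or Microsoft code) scores Microsoft Graph passwordCredentials entries against a rotation policy. Graph returns startDateTime and endDateTime for every secret on the application object (GET /applications/{object-id}?$select=passwordCredentials), which is the information the expiry date alone cannot give. The start dates, key IDs and policy thresholds are constructed assumptions; only the hints and expiry dates come from this report.

```python
"""Audit the age and lifetime of Azure AD application client secrets.

Added example for this report, not TASY, Rede D'Or or Microsoft code. The
records below are shaped like Graph passwordCredentials entries; the hints and
expiry dates come from the report, the start dates and keyIds are placeholders.
"""
from datetime import datetime, timezone

REPORT_DATE = datetime(2026, 2, 27, tzinfo=timezone.utc)

# Policy thresholds (assumptions for a healthcare tenant, not Rede D'Or policy).
MAX_AGE_DAYS = 90        # rotate at least quarterly
MAX_LIFETIME_DAYS = 365  # never issue a secret valid for more than a year

# Constructed sample: what the portal does not show (startDateTime), Graph does.
SAMPLE_APPS = {
    "TASY-NACIONAL-JUTTA-BATISTA-PRD": [
        {"keyId": "placeholder-key-1", "hint": "SxZ",
         "startDateTime": "2025-12-11T00:00:00Z",   # placeholder start date
         "endDateTime": "2027-12-11T00:00:00Z"},
    ],
    "TASY-NACIONAL-AWS2-HML": [
        {"keyId": "placeholder-key-2", "hint": "1UT",
         "startDateTime": "2025-08-21T00:00:00Z",   # placeholder start date
         "endDateTime": "2027-08-21T00:00:00Z"},
    ],
}


def parse_graph_time(value: str) -> datetime:
    """Graph returns ISO-8601 UTC; fractional seconds (up to 7 digits) may be present."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def assess_credential(cred: dict, now: datetime = REPORT_DATE) -> dict:
    """Return age, remaining validity and lifetime in days plus any policy findings."""
    start = parse_graph_time(cred["startDateTime"])
    end = parse_graph_time(cred["endDateTime"])
    age = (now - start).days
    remaining = (end - now).days
    lifetime = (end - start).days
    findings = []
    if remaining < 0:
        findings.append("expired")
    if age > MAX_AGE_DAYS:
        findings.append(f"age {age}d exceeds {MAX_AGE_DAYS}d rotation window")
    if lifetime > MAX_LIFETIME_DAYS:
        findings.append(f"lifetime {lifetime}d exceeds {MAX_LIFETIME_DAYS}d policy")
    return {"keyId": cred["keyId"], "hint": cred.get("hint"), "age_days": age,
            "remaining_days": remaining, "lifetime_days": lifetime, "findings": findings}


def audit_apps(apps: dict, now: datetime = REPORT_DATE) -> dict:
    """Assess every secret of every application: {app name: [assessment, ...]}."""
    return {name: [assess_credential(c, now) for c in creds] for name, creds in apps.items()}


if __name__ == "__main__":
    for name, results in audit_apps(SAMPLE_APPS).items():
        for r in results:
            status = "; ".join(r["findings"]) or "ok"
            print(f"{name} [{r['hint']}] age={r['age_days']}d remaining={r['remaining_days']}d "
                  f"lifetime={r['lifetime_days']}d -> {status}")
```

With the placeholder start dates the production secret is only 78 days old but still fails policy because it was issued for 730 days, which is the point the timeline makes: lifetime, not inferred age, is the measurable defect. Feed the function the real passwordCredentials array from Graph (or the output of az ad app credential list) to replace the placeholders.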


Patient Safety Risk Assessment

Direct Patient Impact

| Risk Category | Severity | Impact | Mitigation Status |
|---|---|---|---|
| Unauthorized PHI access | CRITICAL | Patient privacy breach | Not mitigated |
| Medical record tampering | CRITICAL | Patient safety risk | Not mitigated |
| Treatment history modification | CRITICAL | Wrong medication administration | Not mitigated |
| Allergy record deletion | CRITICAL | Allergic reaction risk | Not mitigated |
| Surgical history modification | HIGH | Wrong procedure risk | Not mitigated |
| Lab result tampering | HIGH | Wrong diagnosis | Not mitigated |

Hospital Operational Risk

| Risk | Severity | Impact |
|---|---|---|
| System unavailability (ransomware) | CRITICAL | Surgery delays, patient safety |
| Appointment system manipulation | HIGH | Patient scheduling chaos |
| Pharmacy system compromise | HIGH | Wrong medication dispensing |
| Billing fraud | MEDIUM | Financial loss |
| Network lateral movement | CRITICAL | Compromise of other hospital systems |

Remediation Roadmap

IMMEDIATE (Within 24 hours)

  • [ ] Step 1: Rotate TASY-NACIONAL-JUTTA-BATISTA-PRD secret immediately

    1. Locate every consumer of the secret (TASY application configuration, Key Vault, pipeline variables) so none is left on the old value
    2. Generate a new secret in the Azure Portal (or via the Graph API) with a short lifetime
    3. Update the TASY application configuration with the new secret
    4. Verify authentication works with the new secret
    5. Delete the old secret only after step 4 succeeds, keeping the overlap as short as possible
    6. Document the rotation and keep the old secret's keyId for correlating sign-in logs
    

  • [ ] Step 2: Rotate TASY-NACIONAL-AWS2-HML secret

  • Same process as production

  • [ ] Step 3: Enable audit logging

  • Stream Azure AD sign-in logs, including the ServicePrincipalSignInLogs category, to Log Analytics or Sentinel and filter on both TASY app IDs (client-secret sign-ins appear in the service principal sign-in log, not the interactive sign-in log)
  • Enable TASY application audit trails
  • Review last 30 days for unauthorized access

  • [ ] Step 4: Patient notification assessment

  • Determine if breach occurred (unauthorized access)
  • Engage legal/compliance team
  • Prepare LGPD notification procedures
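Steps 1 and 2 describe the rotation procedure; the following added example (not TASY, Rede D'Or or Microsoft code) encodes its ordering: add the new secret, deploy and verify it, and only then remove the old one, rolling the new one back if verification fails. The two Graph actions it calls, addPassword and removePassword on the application object, are real endpoints; the graph, verify and store_secret callables are injection points so the ordering can be exercised offline, and the object ID and key IDs in the demo run are placeholders.

```python
"""Rotate an Azure AD application client secret with overlap and rollback.

Added example for this report, not TASY, Rede D'Or or Microsoft code. Drives
POST /applications/{object-id}/addPassword and POST .../removePassword through
an injected callable; FakeGraph replaces the authenticated client offline.
"""
from typing import Any, Callable, Dict, List, Tuple

GraphCall = Callable[[str, str, Dict[str, Any]], Dict[str, Any]]  # (method, path, body) -> JSON


def rotate_client_secret(app_object_id: str, old_key_id: str, graph: GraphCall,
                         verify: Callable[[str], bool], store_secret: Callable[[str], None],
                         display_name: str = "rotation") -> Dict[str, str]:
    """Add a new secret, deploy it, verify it, and only then remove the exposed one.

    If verification fails the half-deployed new secret is removed and RuntimeError is
    raised, so a bad rollout never leaves the application without a working credential
    and never leaves an unverified extra credential on the registration.
    """
    app_path = f"/applications/{app_object_id}"
    # 1. Mint the replacement. Graph returns secretText exactly once, in this response.
    created = graph("POST", f"{app_path}/addPassword",
                    {"passwordCredential": {"displayName": display_name}})
    new_secret, new_key_id = created["secretText"], created["keyId"]
    try:
        # 2. Hand it to the consumer (Key Vault, app settings, pipeline variable).
        store_secret(new_secret)
        # 3. Prove the application authenticates before touching the old credential.
        if not verify(new_secret):
            raise RuntimeError("new secret failed verification")
    except Exception:
        # Roll back: an unverified credential must not linger on the app registration.
        graph("POST", f"{app_path}/removePassword", {"keyId": new_key_id})
        raise
    # 4. Retire the exposed secret only now; from here the old value is dead.
    graph("POST", f"{app_path}/removePassword", {"keyId": old_key_id})
    return {"new_key_id": new_key_id, "removed_key_id": old_key_id}


class FakeGraph:
    """Offline stand-in for an authenticated Graph client; records calls in order."""

    def __init__(self) -> None:
        self.calls: List[Tuple[str, str, Dict[str, Any]]] = []

    def __call__(self, method: str, path: str, body: Dict[str, Any]) -> Dict[str, Any]:
        self.calls.append((method, path, body))
        if path.endswith("/addPassword"):
            return {"keyId": "new-key-placeholder", "secretText": "new-secret-placeholder"}
        return {}


def demo_rotation(verify_ok: bool) -> Tuple[FakeGraph, Dict[str, str]]:
    """Run one rotation against the fake; verify_ok=False exercises the rollback path."""
    fake = FakeGraph()
    result = rotate_client_secret("app-object-id-placeholder", "old-key-placeholder", fake,
                                  verify=lambda s: verify_ok and s == "new-secret-placeholder",
                                  store_secret=lambda s: None)
    return fake, result


if __name__ == "__main__":
    fake, result = demo_rotation(verify_ok=True)
    print(result, [path for _, path, _ in fake.calls])
```

In production, graph wraps an authenticated Microsoft Graph client, store_secret writes to Key Vault (for example SecretClient.set_secret from azure-keyvault-secrets), and verify acquires a token with the new value through msal's ConfidentialClientApplication.acquire_token_for_client and exercises the TASY endpoint. Note that addPassword returns the clear-text secretText only in that one response; it cannot be retrieved again, which is why the value is handed to its consumer before anything else happens.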

SHORT TERM (Within 1 week)

  • [ ] Step 5: Strengthen authentication to the TASY app
  • MFA and Conditional Access apply to the user sign-ins that MSAL SSO performs, not to the client secret: require MFA, device compliance and risk-based policies for TASY users
  • For the service principal itself, use Conditional Access for workload identities to restrict its sign-ins to the hospital and AWS egress locations (a separately licensed Entra feature)
  • Replace the client secret with a certificate credential or a managed identity where the hosting platform allows it

  • [ ] Step 6: Restrict TASY credential access

  • Limit who can view/rotate secrets
  • Move secrets from repos to Azure Key Vault
  • Implement secret management policy

  • [ ] Step 7: PACS system review

  • Check if PACS accesses TASY database
  • Review PACS-TASY integration logs
  • Verify imaging data access controls

MEDIUM TERM (Within 1 month)

  • [ ] Step 8: Implement healthcare-specific security controls
  • HIPAA/LGPD compliance audit
  • Hospital network segmentation review
  • Put HL7 v2 interface traffic behind TLS (MLLP has no encryption of its own) and require TLS on FHIR endpoints

  • [ ] Step 9: Deploy secrets management

  • Move all healthcare app secrets to Key Vault
  • Implement automated secret rotation
  • Restrict secret access to approved personnel

  • [ ] Step 10: Incident investigation

  • Audit all TASY access logs (past 90 days)
  • Check for data exfiltration indicators
  • Review Azure AD token usage
  • Interview hospital IT staff

Mermaid: TASY Risk Chain to Patient Impact

graph LR
    Secret["TASY Production Secret<br/>b3a95d25-d382-4a72<br/>Hint: SxZ"]

    Compromise["Secret Compromise<br/>From Git/DevOps/Insider"]

    Auth["MSAL Authentication<br/>to TASY PRD"]

    Access["HIS System Access<br/>hisjuttabatista.rededor.com.br"]

    Data["Patient Data Access<br/>Medical Records<br/>Demographics, Diagnoses,<br/>Medications, Labs"]

    Breach["Data Breach<br/>PHI Exfiltration<br/>LGPD Violation"]

    Harm["Patient Harm<br/>Identity Theft,<br/>Medical Fraud,<br/>Privacy Violation"]

    Regulatory["Regulatory Action<br/>LGPD Fines,<br/>Processing Suspension,<br/>Civil Liability"]

    Secret --> Compromise
    Compromise --> Auth
    Auth --> Access
    Access --> Data
    Data --> Breach
    Breach --> Harm
    Harm --> Regulatory

    style Secret fill:#ff3333
    style Compromise fill:#ff3333
    style Auth fill:#ff6666
    style Access fill:#ff6666
    style Data fill:#ff9999
    style Breach fill:#ffcccc
    style Harm fill:#ffeeee
    style Regulatory fill:#ffcccc

Detection Indicators

Azure AD Logs to Monitor

Sign-in logs for:
- App ID: b3a95d25-d382-4a72-bcca-975ac0b388d0
- App ID: 204da288-210a-4aee-a4c0-4c40cc86a325

Anomalies:
- Unusual sign-in locations (non-hospital IP ranges)
- Bulk data access patterns
- After-hours access to medical records
- Failed authentication attempts followed by success
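As an added example (not TASY, Rede D'Or or Microsoft code), the indicators above applied to constructed service-principal sign-in rows. Client-secret sign-ins are recorded in Entra ID's service-principal sign-in log (the AADServicePrincipalSignInLogs table once streamed to Log Analytics), not in the interactive SigninLogs table, so that is the data source. The IP addresses, timestamps, trusted egress ranges and business hours are assumptions; the two app IDs are the ones in this report.

```python
"""Flag anomalous service-principal sign-ins for the two TASY app registrations.

Added example for this report, not TASY, Rede D'Or or Microsoft code. Rows are
constructed to resemble AADServicePrincipalSignInLogs records; all times are UTC.
"""
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List

TASY_APP_IDS = {
    "b3a95d25-d382-4a72-bcca-975ac0b388d0": "TASY-NACIONAL-JUTTA-BATISTA-PRD",
    "204da288-210a-4aee-a4c0-4c40cc86a325": "TASY-NACIONAL-AWS2-HML",
}
# Assumption: egress ranges the TASY service principals legitimately sign in from
# (hospital site and AWS sa-east-1 NAT). TEST-NET ranges stand in for the real ones.
TRUSTED_EGRESS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
BUSINESS_HOURS_UTC = range(10, 23)   # assumption: 07:00-19:59 at UTC-3 (Brasília time)
FAIL_THEN_SUCCESS_WINDOW = timedelta(minutes=15)

# Constructed sample rows. ResultType "0" is success; 7000215 is AADSTS7000215,
# "invalid client secret", the error produced while trying a stale or guessed secret.
SAMPLE_ROWS = [
    {"TimeGenerated": "2026-02-26T13:05:00Z", "AppId": "b3a95d25-d382-4a72-bcca-975ac0b388d0",
     "IPAddress": "203.0.113.10", "ResultType": "0"},
    {"TimeGenerated": "2026-02-27T02:41:00Z", "AppId": "b3a95d25-d382-4a72-bcca-975ac0b388d0",
     "IPAddress": "192.0.2.77", "ResultType": "7000215"},
    {"TimeGenerated": "2026-02-27T02:43:00Z", "AppId": "b3a95d25-d382-4a72-bcca-975ac0b388d0",
     "IPAddress": "192.0.2.77", "ResultType": "7000215"},
    {"TimeGenerated": "2026-02-27T02:49:00Z", "AppId": "b3a95d25-d382-4a72-bcca-975ac0b388d0",
     "IPAddress": "192.0.2.77", "ResultType": "0"},
    {"TimeGenerated": "2026-02-27T12:15:00Z", "AppId": "204da288-210a-4aee-a4c0-4c40cc86a325",
     "IPAddress": "198.51.100.5", "ResultType": "0"},
    {"TimeGenerated": "2026-02-27T12:20:00Z", "AppId": "unrelated-app-id",
     "IPAddress": "192.0.2.9", "ResultType": "0"},
]


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _trusted(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_EGRESS)


def analyze_signins(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one alert per successful TASY sign-in that trips any indicator."""
    tasy = sorted((r for r in rows if r["AppId"] in TASY_APP_IDS),
                  key=lambda r: _ts(r["TimeGenerated"]))
    alerts = []
    for i, row in enumerate(tasy):
        if row["ResultType"] != "0":
            continue                      # failures alone are noisy; they matter before a success
        when = _ts(row["TimeGenerated"])
        reasons = []
        if not _trusted(row["IPAddress"]):
            reasons.append("untrusted_ip")
        if when.hour not in BUSINESS_HOURS_UTC:
            reasons.append("after_hours")
        # Failed attempts from the same app and IP shortly before this success.
        prior_failures = [p for p in tasy[:i]
                          if p["AppId"] == row["AppId"] and p["IPAddress"] == row["IPAddress"]
                          and p["ResultType"] != "0"
                          and when - _ts(p["TimeGenerated"]) <= FAIL_THEN_SUCCESS_WINDOW]
        if prior_failures:
            reasons.append(f"failed_then_success({len(prior_failures)})")
        if reasons:
            alerts.append({"app": TASY_APP_IDS[row["AppId"]], "time": row["TimeGenerated"],
                           "ip": row["IPAddress"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in analyze_signins(SAMPLE_ROWS):
        print(alert)
```

On the sample the 02:49 UTC success from 192.0.2.77 is the only alert, and it trips all three indicators at once: an untrusted source, outside business hours, preceded by two invalid-secret failures from the same address. The same filter expressed in KQL starts from the AADServicePrincipalSignInLogs table restricted to the two AppId values; the Python above is the logic to port, not a replacement for running it in Sentinel.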

TASY Application Logs

Monitor for:
- Patient record bulk queries
- Export functionality abuse
- Failed access attempts with subsequent access
- Privileged operations (admin modifications)
- Data downloads outside normal business hours

Hospital Network Indicators

IDS/IPS alerts:
- Large data transfers from TASY servers
- Unusual database queries
- Lateral movement from TASY to PACS/Pharmacy
- Exfiltration attempts to external IPs

References & Standards

  • LGPD (Lei Geral de Proteção de Dados): Brazil's data protection law
  • HIPAA: US Health Insurance Portability and Accountability Act (reference)
  • NIST Cybersecurity Framework, with NIST SP 800-66 as the HIPAA Security Rule implementation guide
  • HIPAA Security Rule (45 CFR Part 164, Subpart C): technical safeguards for electronic PHI
  • HL7 FHIR: healthcare data exchange standard (transport security relies on TLS, not on the standard itself)

Conclusion

The TASY Hospital Information System represents the highest-risk finding in this audit:

  1. Patient Safety: Direct access to medical records
  2. Regulatory: LGPD fines of up to R$ 50 million per infraction
  3. Trust: Patient privacy breach in healthcare setting
  4. Operational: Hospital system compromise risk

Immediate action required. Secret rotation must occur within 24 hours, followed by comprehensive audit and remediation of underlying credential management practices.