CoWin Data Breach: On Monday, the Centre denied media claims that the information of every immunised Indian had been “leaked online”, stating that the CoWin portal of the health ministry is entirely secure and has protections for data privacy. The administration denounced the media stories, which concerned information about individuals who received the Covid-19 immunisation throughout the nation, as unfounded and malicious in nature.
Government Asserts CoWin Portal’s Security Measures
The authorities said that several tweets had implied that a Telegram bot was being used to obtain the personal information of people who had received vaccinations. According to reports, the bot may retrieve personal information when merely given a beneficiary’s telephone number or Aadhaar number. The government reaffirmed that the portal is secure and said that additional security measures, such as Web Application Firewall, Anti-DDoS, SSL/TLS, routine vulnerability assessment, Identity & Access Management, etc., are in place on it. “Only OTP-based authentication is offered for data access,” the administration said, adding, “All measures have been taken and are being taken to safeguard the security of the data in the CoWIN portal.”
Government Clarifies CoWin Data Access Levels
The health ministry created, owns, and manages the CoWin portal. An empowered group on vaccine administration (EGVAC) was established to direct portal development and make policy choices. EGVAC was presided over by the former CEO of the National Health Authority (NHA) and included members of MeitY and MoHFW. The beneficiary dashboard, authorised user, and API-based access are the three tiers of CoWin data access, according to the government. The government made it clear that no bots could access the data of the immunised recipients without an OTP. For adult vaccinations, only the year of birth (YOB) is recorded; however, it appears that media posts have stated that the bot also mentioned the date of birth (DOB). The government statement said, “There is no provision to record the beneficiary’s address.” The Centre also made it clear that no data can be retrieved using an application programming interface (API) without an OTP. There are certain APIs that have been made available to third parties, like ICMR, in order to share data. One such API reportedly includes a capability that allows data sharing with only an Aadhaar mobile number. However, even this API is quite specific, and the Co-WIN application will only accept queries from trusted APIs that have been white-listed, the government continued.
CERT-In Launches Investigation into CoWin Security Issue
The Indian Computer Emergency Response Team (CERT-In) has been asked by the health ministry to investigate this problem and provide a report. In addition, a study of CoWIN’s current security precautions has begun internally. In its first assessment, CERT-In noted that the Telegram bot’s backend database did not directly access the CoWIN database’s APIs.