Threat Actors Don’t Have Access To Entire CoWIN Portal Nor Backend Database: Report

New Delhi: After the Union Health Ministry dismissed reports of a data breach on the CoWIN platform, cyber security firm CloudSEK has said that the threat actors neither have access to the entire portal nor to the backend database.

CloudSEK said in a report on Monday after an independent analysis, “Based on regions matching Telegram data and previously reported incidents affecting health workers in the region, we believe the information may have been compromised. The credentials were scraped through.”

On March 13, a threat actor on a Russian cybercrime forum posted an advertisement for compromised access to the Tamil Nadu region’s CoWIN portal.

After an analysis, CloudSEK said, it found that the breach was of a healthcare worker and not of the infrastructure itself. The content displayed in the screenshot matches what the media reported the Telegram bot as returning: name of the person, mobile number, identity proof, identification number and number of doses completed.

“Additionally, there are many healthcare worker credentials available on the dark web for the CoWIN portal. However, the issue stems primarily from insufficient endpoint security measures implemented for healthcare workers, rather than any inherent vulnerabilities in CoWIN’s infrastructure security.”

Asserting that the CoWIN portal is completely secure with adequate safeguards for data privacy, the Union Health Ministry on Monday dismissed as “mischievous” the claims of a data breach on the platform and said that the matter was reviewed by the country’s nodal cyber security agency, CERT-In.

The ministry also said in a statement that an internal exercise has been launched to review the existing security measures.

“With reference to some alleged CoWIN data breaches reported on social media…Indian Computer Emergency Response Team (CERT-In) responded immediately and it does not appear that the CoWin app or database has been directly breached,” said Union Minister of State for Electronics and Information Technology Rajeev Chandrasekhar.

In its statement, the Health Ministry said that the reports alleging data breach from the CoWIN portal, which is the repository of all the data of all those who have been vaccinated against COVID-19 in the country, have no basis.

“It is clarified that all such reports are baseless and mischievous. Co-WIN portal of Health Ministry is fully secured with adequate safeguards for data privacy.”

According to the statement, CERT-In in its preliminary report pointed out that the backend database for the Telegram bot was not directly accessing the API of the CoWIN database.