Home » Health »  Co-WIN portal of Health Ministry is Completely Safe with safeguards for Data Privacy

 Co-WIN portal of Health Ministry is Completely Safe with safeguards for Data Privacy

Newdelhi:12/6/23:There are some media reports claiming breach of data of beneficiaries who have received COVID vaccination in the country, on some social media platforms. These reports allege breach of data from the Co-WIN portal of the Union health Ministry, which is repository of all data of beneficiaries who have been vaccinated against COVID19.

Certain posts on the social media platform Twitter have claimed using a Telegram (online messenger application) BOT, the personal data of individuals who have been vaccinated is being accessed. It is reported that the BOT has been able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary.

It is clarified that all such reports are without any basis and mischievous in nature.  Co-WIN portal of Health Ministry is completely safe with adequate safeguards for data privacy. Furthermore, security measures are in place on Co-WIN portal, with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management etc. Only OTP authentication-based access of data is provided. All steps have been taken and are being taken to ensure security of the data in the CoWIN portal.

COWIN was developed and is owned & managed by MoHFW. An Empowered Group on Vaccine Administration (EGVAC) was formed for steering the development of COWIN and for deciding on policy issues. Former CEO National Health Authority (NHA), chaired EGVAC which also included members from MoHFW and MeitY.

Co-WIN data access – At present individual level vaccinated beneficiary data access is available at three levels, as below:

  • Beneficiary dashboard- The person who has been vaccinated can have an access to the Co-WIN data through use of registered Mobile number with OTP authentication.
  • Co-WIN authorized user- The vaccinator with use of authentic login credential provided can access personal level data of vaccinated beneficiaries. But the COWIN system tracks & keeps record of each time an authorized user accesses the COWIN system.
  • API based access – The third party applications who have been provided authorised access of Co-WIN APIs can access personal level data of vaccinated beneficiaries only through beneficiary OTP authentication.

Telegram BOT –

  • Without OTP vaccinated beneficiaries’ data cannot be shared to any BOT.
  • Only Year of Birth (YOB) is captured for adult vaccination but it seems that on media posts it has been claimed that BOT also BOT mentioned date of Birth (DOB).
  • There is no provision to capture address of beneficiary.

The development team of COWIN has confirmed that there are no public APIs where data can be pulled without an OTP. In addition to the above, there are some APIs which have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the Co-WIN application.

Union Health Ministry has requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report. In addition, an internal exercise has been initiated to review the existing security measures of CoWIN.

CERT-In in its initial report has pointed out that backend database for Telegram bot was not directly accessing the APIs of CoWIN database.

About Editor in chief

Ashok Palit has completed his graduation from Upendranath College Soro, Balasore and post graduation from Utkal University in Odia Language and literture.. He has also carved out a niche for himself as a scribe of eminence after joining the profession in 1988. He is also an independent media production professional. He brings loads of experience to Advanced Media, Ashok Palit as a cineaste has been active in film criticism for over three decades. As a film society activist, he soared to eminence for his profound commitment to the art film appreciation and aesthetics of cinema. His mode of discourse is often erudite but always lucid and comprehensible marked by a perfect acumen so rare in the field. A film aesthete with an immense fond of critical sensibilities, he wrote about growth and development of odia cinema in New Indian Express, The Times of India, The Hindustan Times, The Asian Age and Screen. He has been working as an Editor for Cine Samaya from 2002-2004.. He had made solid contribution on cinema in many odia Dailies and weekly such as Samaj, Prajatantra, Dharatri, Samaya, Satabadi, and weekly Samaya.
x

Check Also

 Service in uniform requires a lot of sacrifice in one’s personal life:Mohan Charan Majhi

Bhubaneswar:13/7/24: Service in uniform requires a lot of sacrifice in one’s personal life.  Good conduct along with duty in this area helps in enhancing the image of the police. You must ...