Reports of a potential Co-WIN breach that could have exposed information on more than 100 million immunised people surfaced recently.

In this episode of News Explained, the Deputy Editor of businessline, Jyothi Datta, discusses the recent Co-WIN data breach and its impact on the general public.

Initially, there were reports of the Co-WIN portal being breached, which raised concerns about the leakage of personal information provided during the vaccination registration process.

People shared sensitive details such as passport information, card numbers, and license details. The Ministry of Health and IT officials later stated that the portal was safe, but investigations are ongoing to determine how the information was accessed.

The government’s current explanation suggests that a bot on the messaging app Telegram was collecting data from the portal and making it available to anyone. It is stated that the bot has been disabled, but further answers are awaited.

When it comes to the security features protecting users’ data on the Co-WIN portal, personal details are not readily available to anyone accessing the site. Most data is OTP (One-Time Password) protected, ensuring that information is not disclosed without the corresponding password. Some data is shared with trusted institutions like the Indian Council of Medical Research, but access to personal details is restricted. Broad demographic information is publicly available, but personal information is not readily accessible through a phone number or similar means.

Healthcare institutions, both in India and globally, have faced online attacks, highlighting the need for proactive measures to safeguard sensitive data. Establishing a national framework for data protection is crucial, and conversations regarding internet freedom and accountability are ongoing.

Key aspects include the ability to delete data once it is no longer required and holding accountable those responsible for breaches to reinforce trust in the system. In addition to a robust framework, individuals are advised to practise basic digital hygiene, such as avoiding sharing passwords and OTPs and accessing critical health information in secure environments. Read the full story here.