Indian Health Ministry Shuts Down Data Breach Claims, Ensures Co-WIN Portal’s Fortified Security
Indian Government Assures Safety of Cowin App Data Amid Breach Allegations
Following allegations of data breaches related to India's Cowin app, Rajeev Chandrasekhar, the Minister of State for Electronics and Information Technology (MEITY), has assured the public that the app and its database have not been directly breached. Concerns about the security of personal information were raised when breaches were reported on social media platforms.
Investigations carried out by the Indian Computer Emergency Response Team (CERT-In) have revealed that a Telegram Bot was responsible for displaying Cowin app details when phone numbers were entered. However, the data accessed by the bot appears to have originated from a threat actor database. This database seems to have been populated with previously breached or stolen data.
To address such security concerns, the Indian government has finalized the National Data Governance policy. This policy aims to establish a common framework for data storage, access, and security standards across all government entities. With this policy in place, the government aims to enhance the protection of sensitive information and prevent future data breaches.
Recent media reports alleging a breach of data from the Co-WIN portal of India's Union Health Ministry have been dismissed as baseless and mischievous by the ministry. These reports suggested that personal data of individuals who have been vaccinated against COVID-19 could be accessed through a Telegram Bot. However, the ministry has clarified that the Co-WIN portal is completely safe, with robust safeguards in place to protect data privacy.
The Co-WIN portal, developed and managed by the Ministry of Health and Family Welfare (MoHFW), incorporates various security measures such as a Web Application Firewall, Anti-DDoS protection, SSL/TLS encryption, regular vulnerability assessments, and Identity & Access Management protocols. Access to data on the portal is strictly based on One-Time Password (OTP) authentication, ensuring the confidentiality and security of individuals' information.
The Co-WIN data access is structured at three levels. Firstly, vaccinated individuals can access their own data through the beneficiary dashboard by using their registered mobile number and undergoing OTP authentication. Secondly, authorized vaccinators can access personal-level data of vaccinated beneficiaries through authenticated login credentials. It is important to note that every access to the Co-WIN system is recorded for accountability.
Thirdly, third-party applications with authorized access to Co-WIN APIs can only access personal-level data of vaccinated beneficiaries through beneficiary OTP authentication. The Co-WIN system does not allow sharing of vaccinated beneficiaries' data with any Telegram Bot without OTP authentication. Additionally, for adult vaccination the system captures only the Year of Birth (YOB), contrary to claims on social media suggesting that the bot has access to Date of Birth (DOB) and address information, which is not captured.
The development team of Co-WIN has confirmed that there are no public APIs where data can be accessed without OTP authentication. While some APIs have been shared with trusted third parties like the Indian Council of Medical Research (ICMR) for data sharing, these APIs have specific features and can only be accessed by trusted white-listed applications.
In response to the allegations, the Union Health Ministry has requested the Indian Computer Emergency Response Team (CERT-In) to thoroughly investigate the matter and provide a detailed report. An internal review of the existing security measures of Co-WIN has also been initiated to ensure the continued protection of data.
In its initial report, CERT-In has highlighted that the backend database of the Telegram Bot did not directly access the Co-WIN database APIs, further affirming the security measures in place.
Indian Government Assures Safety of Cowin App Data Amid Breach Allegations
Rajeev Chandrasekhar, the Minister of State for Electronics and Information Technology, provides assurance that the Cowin app and its database have not been directly breached.
The Indian government has finalized the National Data Governance policy to establish a common framework for data storage, access, and security standards across all government entities.
The Co-WIN portal, managed by the Ministry of Health, incorporates robust security measures, including a Web Application Firewall, Anti-DDoS protection, SSL/TLS encryption, regular vulnerability assessments, and Identity & Access Management protocols.
Access to data on the Co-WIN portal is strictly based on One-Time Password (OTP) authentication, ensuring the confidentiality and security of individuals' information.
The Ministry of Health has requested CERT-In to thoroughly investigate the alleged data breaches and provide a detailed report.