Digital Passports | Mobile Apps

Digital Vaccine Passports – Are They a Blessing or a Security Risk?

Digital passports: are they the answer to opening up the country again or simply an unsecured backdoor left swinging in the wind? How would a digital vaccine passport affect, your business, and your personal life? These are the questions that need answering if we are ever to get back to ‘normal life’.

The new normal is fraught with restrictions regarding large gatherings of people, whether for entertainment, sporting events, or larger businesses. Covid has a lot to answer for having wrenched much of our hard-earned freedoms away from us.

With bans and restrictions on international travel affecting tourism and the economy, it’s no wonder the government and the World Health Organisation are looking for ways to remove the Covid shackles. But in order to grant us our freedom of movement, will this be at the cost of our digital security?

digital certificate vs. physical certificate

In South Africa and many other countries, paper-based vaccine certificates are the current form of proof of vaccination. However, the concern is that paper-based versions can easily be forged or tampered with, and even lost. In addition, there is no way to prove the EVDS (Electronic Vaccination Data System) number on the certificate is valid or genuine.

QR based digital certificates would remedy the situation allowing users to either print the QR code or download it onto their phone to present as proof of their vaccine status. This is an attempt by the WHO (World Health Organisation) to standardise vaccination proof globally. This initiative is thought to be a solution to possible fraud using security which meets international standards.

The downside, as we already know, is that QR codes come with their share of digital risks. If you aren’t aware of the risks, be sure to read our blog on the risks of QR codes here.

benefits of a digital passport

The WHO advocates the use of the digital passport which can be used for continued trace. The record will form part of an individual’s medical history and provide proof of vaccination status to places of study, employers, and at international borders.

A global digital passport –

  • Provides health workers with necessary information regarding subsequent doses or health services required.
  • Provides information regarding vaccine dose, vaccine type, and schedule of when the next dose is due.
  • Enables investigation into adverse vaccine effects and vaccine safety.
  • Allows for monitoring of vaccine status of individuals.
  • Proves vaccine status after a positive Covid-19 test and helps to understand vaccine effectiveness.
  • Provides proof of vaccine status for tertiary education, work, and travel.

when can we expect the digital passport?

Health minister Joe Phaahla announced that the government is looking at launching a digital Covid-19 vaccine certificate in the coming weeks. However, this is still very much a work in progress, and currently, no country offers this digital passport.

Once released, the digital passport would be available to all those who have their personal information stored on the EVDS system, including those vaccinated over the past months. The government plans to request that the passport is used to gain access to sporting events, large entertainment areas, and some businesses. However, public facilities and services will not be subjected to this requirement as the vaccine is not mandatory.

final thoughts

A digital passport could be the answer to all our freedom woes. However, as with any app or technology that uses your personal information, you should be aware there are always risks involved. All eyes are on world governments to see how they plan to roll out digital vaccine passports and what security measures will be in place.

Mobile Health Apps Need Better Health to Reduce Cybersecurity Attacks

Mobile health apps are becoming more and more popular in modern medicine enabling hospitals to collect and share patient information on an anywhere-anytime basis.

Health apps also help to deliver a streamlined and beneficial process allowing hospitals and doctors to track and manage patient health and giving patients access to their medical data at the push of a button. The problem though is that many of these apps have been developed at high speed focussing more on innovation than security leaving the apps vulnerable to cyber-attacks.

why are cybercriminals targeting mobile health apps?

Mobile health apps amass detailed profiles of their users, making them a prime opportunity for cybercriminals to jump in and steal valuable user data. Some of the information includes an identification number, cell phone numbers, email addresses, banking details, and physical addresses. The personal information can be used to carry out identity theft, guess login details for accounts, and even make online purchases (especially if they encounter saved card details online) and there is big money in the ‘full medical record’.

Pair all the above sensitive personal data with vulnerable cybersecurity measures, and you have a big problem. Stored patient records make for a cybercriminal field day! Crime syndicates are quickly catching on to the fact that mobile health apps have inadequate data protection, which puts hospitals and patients in a precarious position. Measures need to be put in place swiftly to avoid significant repercussions.

authorisation and authentication

Authorisation as a step of security on these apps is not sufficient. Pairing authorisation with authentication may be the solution to the above problem.

Name and password authentication is no longer an adequate cybersecurity level, particularly with apps that store such a vast amount of personal data. App designers need to implement a further step of authentication as an added security element, which can be implemented in multiple ways.

One of the most common added security layers these days is a one-time pin (OTP) number that is sent to the users’ mobile device. Without the OTP pin, there is no access to the profile.

Avoiding user-only input and requiring a one-time pin generated from an external source is a simple yet effective solution to the problem. This simple step should reduce the number of cyberattacks on mobile health apps.

The issue of authorisation without authentication is not limited only to mobile health apps – it would seem to be a common security flaw in many apps. The concern with health apps, however, is that they contain far more personal data, making them a hot target for cyber-criminals as a “jackpot” of user data.

conclusion

Mobile Health Apps can save lives but there is no denying that cyberattacks are on the rise and these health apps are being targeted. It is up to both developers and hospitals to partner together and go the extra mile to ensure all users are sufficiently protected against possible cyberattacks. With the right crypto applications, end-users can ensure that they keep their data and privacy safe from cybercriminals.