UPDATED: Coronavirus app reveals personal data, IT security firm found

The data of hundreds of thousands of patients who got tested for COVID-19 were at risk.

Mobile phone, illustrative stock photo (Source: TASR)

The data of clients in the Moje eZdravie app was critically vulnerable.

The Nethemba IT security firm published a blog post on Thursday claiming that it was able to extract information about more than 130,000 patients who were tested for COVID-19 in Slovakia, including their personal identification numbers (birth numbers) and the results of their coronavirus tests.

According to Nethemba, the data of 390,000 patients were in danger.

The Moje eZdravie app is the official app with information about the coronavirus in Slovakia that allows users to communicate with state authorities, particularly if they suspect they might have been infected with the novel coronavirus.

The ethical hackers from Nethemba reported that they downloaded and analysed a large sample of random data and found that it came from unique records. Based on numeric identifiers, they found at least 391,250 valid records, including freshly recorded data about the tested patients.

The leaked information includes the name, surname, personal identification number, date of birth, sex, mobile phone number, place of residence, and e-mail address of those tested.

"This can be abused for sophisticated targeted social engineering attacks, like phishing," the blog of Nethemba reads.

The ethical hackers were also able to access information about the result of each person's COVID test, health insurer information and the name of the lab that performed the test.

Nethemba notified the providers about the error in the app and only reported on it once it had been fixed, on September 16 by 16:50.

Lawyer Peter Kováč from the Kinstellar law firm explained that this was a cyber security incident as well as a violation of personal data protection. The National Health Information Center (NCZI) that runs the app now has to report the violation to the Office for Personal Data Protection.

"The affected persons should be notified too," Kováč told the TASR newswire. In this case, when hundreds of thousands of people are at stake, it is necessary to make sure that the public is informed about the incident.

Kováč expects the leak to result in a high fine.

Officials admit there was a problem

The National Health Information Center admitted that there was a bug in the Moje eZdravie app.

NCZI confirmed on September 18 that the app's vulnerability had been eliminated. Its head, Peter Bielik, admitted that if the problem had not been discovered there may have been some damage.

The Nethemba company, which had pointed to the problem, promised it would not misuse the data it had obtained about tested people.
