UPDATED: SEP 18, 2020, AT 18:15

UPDATED: Coronavirus app reveals personal data, IT security firm found

The data of hundreds of thousands of patients who got tested for COVID-19 were at risk.

Mobile phone, illustrative stock photo (Source: TASR)

The data of clients in the Moje eZdravie app was critically vulnerable.

The Nethemba IT security firm published a blog post on Thursday claiming that it was able to extract information about more than 130,000 patients who got the COVID-19 test in Slovakia, including their personal identification numbers (birth number) and the results of their coronavirus tests.

According to Nethemba, the data of 390,000 patients were in danger.

The Moje eZdravie app is the official app with information about the coronavirus in Slovakia that allows users to communicate with state authorities, particularly if they suspect they might have been infected with the novel coronavirus.

The ethical hackers from Nethemba reported that they downloaded and analysed a large random sample of the data and found that it came from unique records. Based on numeric identifiers, they found at least 391,250 valid records, including freshly recorded data about the tested patients.

The leaked information includes the name, surname, personal identification number, date of birth, sex, mobile phone number, place of residence, and e-mail address of those tested.

"This can be abused for sophisticated targeted social engineering attacks, like phishing," the blog of Nethemba reads.

The ethical hackers have also been able to access information about the result of the persons' COVID test, health insurer information and the name of the lab that performed the test.

Nethemba notified the providers about the error in the app and only reported on it once it was fixed, on September 16 by 16:50.

Lawyer Peter Kováč from the Kinstellar law firm explained that this was a cyber security incident as well as a violation of personal data protection. The National Health Information Center (NCZI) that runs the app now has to report the violation to the Office for Personal Data Protection.

"The affected persons should be notified too," Kováč told the TASR newswire. In this case, when hundreds of thousands of people are at stake, it is necessary to make sure that the public is informed about the incident.

Kováč expects the leak to result in a high fine.

Officials admit there was a problem

The National Health Information Center admitted that there was a bug in the Moje eZdravie app.

NCZI confirmed on September 18 that the app’s vulnerability has been eliminated. Its head, Peter Bielik, admitted that if the problem had not been discovered, there might have been some damage.

The Nethemba company, which had pointed to the problem, promised it will not misuse the obtained data of tested people.
