The Latest Threat To Healthcare Data: COVID-19 Apps

By Josh Horwitz, COO, Enzoic.

Josh Horwitz

With vaccinations underway, it’s becoming possible to envision the light at the end of the pandemic tunnel; however, the post-COVID world will have some notable differences. One such example is the likely requirement of “immunity passports” to do any number of things: have elective surgery, attend college, or travel internationally.

The European Union, China, Israel and Japan are among the nations that have launched or plan to unveil such programs. In the U.S., states will be in charge of developing their programs with federal support as required. Given the partisan differences surrounding the pandemic response and economic recovery, this is likely to introduce numerous challenges in and of itself. But political concerns aside, the emergence of more coronavirus tracing apps and programs also brings some serious security challenges.

As PBS’ Laura Santhanam recently put it, “Unlike the physical [vaccination card used to track Yellow Fever], there are growing concerns about data privacy as documents verifying COVID-19 vaccination would exist and generally be accessed digitally.”  In fact, these concerns are so pressing that a new Forrester report includes the vulnerability of COVID-19 apps as one of the five major problems which could impede post-pandemic progress in 2021.

With that in mind, let’s take a look at some of the chief vulnerabilities and what governments and businesses alike should be cognizant of as these apps become more mainstream.

For example, a doctor may require “Write” access in order to edit or add information pertinent to a patient’s immunity or reaction to the vaccine. However, this permission should be the exception rather than the norm as hackers could wreak havoc should they be able to manipulate data within these apps and programs.

Including credential screening as part of any COVID-19 program can mitigate the poor password threat, as credentials are vetted against a live database of breached passwords at every login. If an exposure is detected, companies can then force a password reset or prompt another action to ensure the information remains safeguarded.

While it’s too early to say exactly how “immunity passports” will affect our lives, it’s safe to assume that vaccination data will be contained in an increasing array of digital apps and programs. And even if these are developed and housed by third-parties, the risk to healthcare institutions is just as pressing as if it were an EHR system or another hospital account. The healthcare industry must be vigilant about COVID-19 app security to ensure sensitive data isn’t compromised in our attempts to safely return to life as we once knew it.

Write a Comment

Your email address will not be published. Required fields are marked *