Investigations into the reported data breach on the CoWIN portal have ascertained that there was no bulk data download from its beneficiary database, Union Minister for State for Health S P Singh Baghel told the Lok Sabha on Friday.
The CoWIN portal of the Union health ministry already has adequate security measures and safeguards for data privacy with Web Application Firewall (WAF), Anti-DDoS and SSL/TLS (regular vulnerability assessment) identity and access management, the minister said in a written reply in the Lower House.
The CoWIN portal is the repository of all data of people who have been vaccinated against COVID-19.
"There were media reports of apparent breach of CoWIN data of beneficiaries who have received Covid vaccination in the country. The matter was investigated and analysed by CERT-In under the Ministry of Electronics and Information Technology and it was ascertained that there was no bulk data download from Co-WIN beneficiary database," Baghel said.
In view of media reports on CoWIN data breach, additional steps have been taken to strengthen data safety on the portal, he said.
A two-factor authentication feature (password and OTP) for login by users has been put in place on the CoWIN portal and all log trails of users are captured and stored securely in its database, he said.
Password reset has been done for all service providers registered on CoWIN. The CoWIN security audit has been completed and it would be undertaken on a regular basis (every quarter), Baghel said.
(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)