Other issues in this category (25)
Global IT companies intend to create a "Health Wallet" app
Friday, January 22, 2021
In today's issue, we will talk about a hot topic: the various initiatives underway to introduce so-called "health passports" — in response to the coronavirus pandemic. This topic is directly related to the processing of personal data and, therefore, is nuanced in terms of possible improper usage and leakages.
Recently, it was reported that global giants of the IT industry—Microsoft, Oracle and Salesforce—are intending to develop a mobile application that will track a user's current vaccination and COVID-19 testing data. Ideally, this should allow people to return to their normal lives more quickly. The application will be developed within the Vaccination Credential Initiative (VCI) programme.
It is noted that the application will be directly connected to an "affiliated laboratory". Those without a smartphone would receive a paper version of the record containing a QR code that can be scanned in order to access their credentials.
Mike Sicilia, an Oracle executive, said: "As the world begins to recover from the pandemic, having electronic access to vaccination, testing, and other medical records will be vital to resuming travel and more. This process needs to be as easy as online banking."
Apparently, because it is to be used in a similar way as online banking systems, the application is to be given the name Health Wallet.
We’ll immediately note that the ease of access to such systems always has a flip side: many threats designed to steal money via online banking systems are present—there is clear confirmation of this, especially when it comes to Android devices.
Another question to which the authors of the initiative (and not only this one) are still not providing an answer: what will happen with the collected data after it loses its relevance? The pandemic will be over sooner or later, and restrictions will be removed, while the sensitive medical data is likely to remain in the system, tempting cybercriminals. All the more so because we are talking about a global database that a priori may turn out to be vulnerable because of the huge number of people and organisations connected to it. We can assume that, at some level, there could at least be a partial data disclosure. In addition, in future, this database could include more information. So, organisations that are interested in receiving user personal information (for example, advertisers and marketing specialists) will find it a useful way to strengthen their control over people's actions. Thus, having lost its "health" relevance, the database could remain popular for other purposes. And hackers will have tremendous opportunities—tons of useful information will be collected in a single location.
The issue of securing such data has been repeatedly raised in light of discussions about various "health passports". The fact that information about a person can wind up in the possession of a user's employer or government authorities are a particular cause of concern for critics of this format.
The Anti-virus Times recommends
For now, all of the aforementioned is an initiative and far from being realised. At the moment, the vaccinated have no prescribed advantage over everyone else, nor is there one generally recognized vaccine that is not causing controversy on a global scale, nor, moreover, is there pressure to use such applications.
Therefore, if you do not want your personal health information to get into the VCI database, you can always refuse to do this.
If returning to a more comfortable life (travelling, leisure time activities, shopping, and so on) is more important to you than these concerns, you can take the risk. But, at the same time, think about whether it is worth neglecting your privacy and risking a potential data leak. Perhaps, you should simply wait things out a bit longer.