Data Leak Interrupts Northern Ireland’s Vaccine Certification System
Northern Ireland’s Department of Health suspended the region’s online coronavirus vaccine certification service following a suspected data exposure. Both the web service and the mobile app became inaccessible after users of the COVIDCert NI service had their data mixed up.
COVIDCert is an online vaccination certification service that enables fully vaccinated individuals in Northern Ireland to obtain a digital certificate verifying their vaccination status.
According to the government, the Department of Health put Northern Ireland’s COVIDCert service on hold because some users were exposed to other users’ data.
The service is accessible as a web app via covidcertni.nidirect.gov.uk as well as a mobile app for both Android and iOS. It should not be confused with the separate systems in England and Wales known as NHS COVID.
Following the data incident, both the web and mobile apps for the service were down. “Our services aren’t available right now. We’re working to restore all services as soon as possible. Please check back soon,” read the error message shown when the endpoints were accessed via the web app.
The NI Department of Health immediately notified the UK’s Information Commissioner’s Office of the incident. The notice emphasized that the privacy of citizens remains at the top of the priority list.
“The Department of Health takes the privacy of citizen’s data very seriously and contact has been made with the Information Commissioner’s Office (ICO) as part of due diligence in protecting citizen’s data. Immediate action has also been taken to temporarily remove a part of the service that manages identity.”
The Department further noted that some individuals would not be directly impacted but would have to wait until the issue is resolved before their applications can be processed further.
As the volume of patients and the pressure on healthcare services increase during the pandemic, threat actors have also stepped up their efforts to disrupt services, exfiltrate data, or encrypt data in exchange for a ransom. Ireland’s health service (HSE) was also recently the target of a ransomware attack in which the hackers demanded $20m.
The Department of Health said it is working to resolve the issue as soon as possible. “The Northern Ireland COVID Certification Service will be available from 9am on 30 July for those travelling on 1 August in the first instance.”
“Some applications will be processed manually and applicants will be contacted via email on what to do as they progress.”