Indonesia Probes Suspected Data Breach on COVID-19 App – Expert Comments

Indonesia is investigating a suspected security flaw in a COVID-19 test-and-trace app that left the personal information and health status of 1.3 million people exposed, a health ministry official said on Tuesday, according to Reuters.

Expert Comments

September 01, 2021
Trevor Morgan
Product Manager
comforte AG

The report that Indonesia is looking into a security flaw in a COVID-19 test-and-trace app accentuates two key issues around these types of applications. The first concern is that with sensitivities to these types of technologies already heightened by the pandemic and the politics surrounding it, having the threat of exposed PHI definitely means that users and the general public will be wary and more concerned for their data privacy.

The second issue is that software and app developers often inadvertently build in data security vulnerabilities because data security seems to be a lagging concern in the development cycle—either a separate security team factors in data security later in the development cycle or the software developers cut corners in order to get more critical features and functions nailed down and working at the expense of proper data security measures.

The big push is to reposition data security upstream at the requirements and design phases so that data security is factored in by the developers throughout the entire development cycle and the application’s workflow.

Of course, proper design should include data-centric security measures such as protecting sensitive data through format-preserving encryption and tokenization methods. That way, if PHI or other sensitive data is accessed, it is unreadable and therefore cannot be leveraged.
