Indonesia is investigating a suspected security flaw in a COVID-19 test-and-trace app that exposed the personal information and health status of 1.3 million people, a health ministry official said on Tuesday, according to Reuters.
<p>The report that Indonesia is looking into a security flaw in a COVID-19 test-and-trace app accentuates two key issues around these types of applications. The first concern is that with sensitivities to these types of technologies already heightened by the pandemic and the politics surrounding it, having the threat of exposed PHI definitely means that users and the general public will be wary and more concerned for their data privacy.</p>
<p>The second issue is that software and app developers often inadvertently build in data security vulnerabilities because data security seems to be a lagging concern in the development cycle—either a separate security team factors in data security later in the development cycle or the software developers cut corners in order to get more critical features and functions nailed down and working at the expense of proper data security measures.</p>
<p>The big push is to reposition data security upstream at the requirements and design phases so that data security is factored in by the developers throughout the entire development cycle and the application’s workflow.</p>
<p>Of course, proper design should include data-centric security measures such as protecting sensitive data through format-preserving encryption and tokenization methods. That way, if PHI or other sensitive data is accessed, it is unreadable and therefore cannot be leveraged.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts' comments, analysis and opinion on the latest information security news and topics.