MANILA, Philippines — The online database system maintained by the government for its implementation of the COVID-19 National Vaccination Program (CNVP) had exposed sensitive information of the public to possible breaches, the Commission on Audit (COA) said in its latest report.
In its report on the CNVP, uploaded on its website on Dec. 23, the COA said all concerned government agencies and stakeholders must work together in improving cyber security in the country as it noted several deficiencies or “security control weaknesses” in the government’s Vaccine Information Management System (VIMS).
The VIMS was maintained by the government in connection with its implementation of CNVP in 2021 to 2022 pursuant to Republic Act 11525 or the COVID-19 Vaccination Program Act. The VIMS was mainly used to measure the daily vaccination accomplishments or the so-called quick counts, and served as a database of inoculated individuals by local government units (LGUs).
“The audit revealed significant weaknesses in the VIMS regarding data input, processing, access controls, logging functionality and adherence to data privacy requirements. These deficiencies resulted in the entry of invalid, inaccurate and duplicate data, increasing the risk of unauthorized access to the sensitive personal information of millions of Filipinos,” the COA report read.
“The lack of NDAs (non-disclosure agreements) further exacerbates this risk, potentially leading to data breaches and non-compliance with the Data Privacy Act (DPA) of 2012,” it added.
The COA said among the information contained in the VIMS which were exposed to possible breaches include personal data coming from the health declaration forms and consent forms filled out by the vaccine beneficiaries such as name, birthday, mobile number, address and medical history.
COVID-19 vax program exposed data to possible breaches – COA
Marcelo
MANILA, Philippines — The online database system maintained by the government for its implementation of the COVID-19 National Vaccination Program (CNVP) had exposed sensitive information of the public to possible breaches, the Commission on Audit (COA) said in its latest report.
In its report on the CNVP, uploaded on its website on Dec. 23, the COA said all concerned government agencies and stakeholders must work together in improving cyber security in the country as it noted several deficiencies or “security control weaknesses” in the government’s Vaccine Information Management System (VIMS).
The VIMS was maintained by the government in connection with its implementation of CNVP in 2021 to 2022 pursuant to Republic Act 11525 or the COVID-19 Vaccination Program Act. The VIMS was mainly used to measure the daily vaccination accomplishments or the so-called quick counts, and served as a database of inoculated individuals by local government units (LGUs).
“The audit revealed significant weaknesses in the VIMS regarding data input, processing, access controls, logging functionality and adherence to data privacy requirements. These deficiencies resulted in the entry of invalid, inaccurate and duplicate data, increasing the risk of unauthorized access to the sensitive personal information of millions of Filipinos,” the COA report read.
“The lack of NDAs (non-disclosure agreements) further exacerbates this risk, potentially leading to data breaches and non-compliance with the Data Privacy Act (DPA) of 2012,” it added.
The COA said among the information contained in the VIMS which were exposed to possible breaches include personal data coming from the health declaration forms and consent forms filled out by the vaccine beneficiaries such as name, birthday, mobile number, address and medical history.