Government must ensure security control for EVDS
President Cyril Ramaphosa took a bold step in proclaiming a move from adjusted alert level three to level one, thereby enabling the resumption of most businesses in a near to normal state. Considering the negative impact that previous lockdowns have had on the economy, it’s not rocket science that such a move is necessary. Though well-received by business, others regard the move as premature.
Those opposing the move deem it a step in the wrong direction, which will soon result in the country experiencing a third wave of infections. This move comes as more than 80 000 healthcare workers received their Johnson & Johnson jabs as part of the herd immunity plan. Next in line are the elderly, those with comorbidities and institutional workers, and then the general population.
Various Covid-19 education and awareness campaigns have unremittingly communicated that a once-off vaccination, which can be in two doses depending on the vaccination administered, is sufficient for the citizenry to be immunised. However, with growing panic, fear and anxiety, prospects are high that some citizens might attempt to get vaccinated multiple times on the premise that more vaccines would guarantee their safety.
In a move aimed at ensuring the adequate management, and surveillance of vaccines, the health department deployed an electronic vaccination data system (EVDS) to ensure that the process is adequately managed, and that there’s fairness and transparency in the distribution of vaccines.
This is an online self-enrollment portal that uses data to track vaccine-related information. Critical data categories required for its effectiveness are: patient information including demographics and number of doses; safety information such as possible adverse events following immunisation; and vaccine administration sites details.
These data sets are sensitive in nature and ought to be safely handled in line with regulatory requirements, more so as health data has recently been highly targeted by cybercriminals since the dawn of the pandemic.
It’s concerning that the theft and sale of data is highly lucrative worldwide, and health data in particular, is in high demand as some organisations are prepared to go the extra mile in accessing data, exposing vulnerabilities in the health system and thereafter strategically position themselves to solicit funds from unsuspecting organisations.
Check Point, a leading cyber security solutions company, reported a 45% global increase in cyber crimes targeted at hospitals and healthcare organisations since November. South Africa recorded an increase from approximately 430 incidents per organisation in October 2020 to 626 in December last year, with ransomware attacks being common attack techniques. By virtue of it being positioned as a central vaccination coordinating system, it is without doubt that the EVDS master data repository will be highly targeted by cybercriminals. The health department ought to ensure that it has highly effective data privacy and security controls.