PLANO, Texas (KXAN) – As more Texans get their coronavirus vaccines, cybersecurity experts are preparing for possible data breaches.
CRITICALSTART works with businesses and government agencies on securing vaccine distribution websites.
“A lot of this technology was launched very quickly. So, there was this lack of thorough investigation to how secure some of these sites were – not saying that they aren’t secure – but you know normally when something is launched wide-scale like that there’s work done to ensure that security and integrity of the systems itself,” said Quentin Rhoads-Herrera, director of professional services at CRITICALSTART.
The company said no data breaches have been detected so far across the nation, but it could just be a matter of time before one happens.
“At least now we’re seeing that some of these government entities – the state – are now taking steps forward to ensure that what they’ve launched is secure,” he explained.
Hackers only need a few details
Rhoads-Herrera said a big concern is loss of data from people putting in their names, addresses and other sensitive information.
He explained that hackers often don’t need more than that to target people.
He explained his company is also checking for malware on sites.
“If you’re visiting it unknowingly to you, your machine would download this malware, and you would have a virus which could steal your personal information, your credit cards from other sites, or just lock up your computer and deploy ransomware.”
The Texas Department of State Health Services confirmed that there have been no data breaches detected in any systems. A spokesman said there are procedures in place to keep sites and systems secure, but for security purposes, they are confidential.
“There is no indication that a data breach, digital or physical, has occurred during the Austin Public Health (APH) vaccine process. Without disclosing sensitive details about security measures, the City does have procedures in place that closely monitor these systems containing private information to ensure it is properly safeguarded,” said a spokesperson.
He added that at no point whether it be through the online registration process or filling out forms at vaccination sites does APH ask for an individual’s social security number.
APH said it’s important that safety measures are used when creating accounts, such as using passwords that are strong and not reusing the same password for multiple sites.
“We have not had any cybersecurity breaches of our waitlist, and we have strict controls in place to control the data at rest, during use, and in transit. All data is stored and secured on the County’s network,” said a spokesperson with Williamson County. “We meet, and even exceed, guidelines for handling protected health information and personally identifiable information. Strict access controls, training, and technical procedures are in place for safeguarding that data.”
Why you shouldn’t post vaccine card selfies
Another possible target for hackers – your vaccination cards.
The Federal Trade Commission issued a warning about posting photos of your personal information on social media. “Please — don’t do that! You could be inviting identity theft,” said the FTC in a blog post.
The agency said your vaccination cards has your full name, date of birth, where you got your vaccine and the dates you got it. When you post it to social media you may be handling valuable information to someone who could use it for identity theft.
“Just by knowing your date and place of birth, scammers sometimes can guess most of the digits of your Social Security number. Once identity thieves have the pieces they need, they can use the information to open new accounts in your name, claim your tax refund for themselves, and engage in other identity theft,” said the FTC.
Rhoads-Herrera said there are ways to protect yourself by going directly to the website and not following a link sent through email.
“We have seen cyber criminals use fake emails or phishing attempts to fool people into going to malicious sites,” he explained.
Also, look for the lock before the URL which indicates that the site is trusted and verified and for suspicious typos in the address.
If you get notified that your information has been stolen, the Texas Attorney General outlined these steps to take to minimize damage.
- Call or email the fraud department of the companies, banks or credit unions where you accounts have been compromised.
- Contact the three credit reporting agencies and ask that a free fraud alert be placed on your credit report.
- Equifax – 800-349-9960
- Experian – 888‑397‑3742
- TransUnion – 888-909-8872
- Change the passwords, pin numbers, and login information for all of your potentially affected accounts.
- Contact your police department, report the crime and obtain a police report.