The CoWIN system used for registering people for COVID-19 vaccination is completely secure and reports of the system being hacked “appear to be fake”, the government said in a statement today.
Nonetheless, the matter will be investigated by the Computer Emergency Response Team, known as the government’s best counter-hacking group under the Ministry of Electronics and Information Technology (MietY).
Denying reports of CoWIN being hacked, the Health Ministry and the chairman of the Empowered Group on Vaccine Administration (EGVAC) said CoWIN “stores all vaccination data in a safe and secure digital environment.”
“There have been some unfounded media reports of the CoWIN platform being hacked. Prima facie, these reports appear to be fake. However, the Health Ministry and the EGVAC are getting the matter investigated by the Computer Emergency Response Team of MietY,” the government said in the statement.
EGVAC Chairman RS Sharma said CoWIN data is not shared with any entity outside of the system.
“Our attention has been drawn towards the news circulating on social media about the alleged hacking of CoWIN system. In this connection we wish to state that CoWIN stores all the vaccination data in a safe and secure digital environment,” Mr Sharma said in the statement.
“No CoWIN data is shared with any entity outside the CoWIN environment. The data being claimed as having been leaked such as geo-location of beneficiaries is not even collected by CoWIN,” Mr Sharma said.
Co-WIN stores all vaccination data in a safe & secure digital environment. No data is shared with any entity outside the Co-WIN environment
— PIB India (@PIB_India) June 10, 2021
There is no authorised mobile app for registering for vaccination in India except Aarogya Setu and Umang app. Even in both cases, one needs to log into the CoWIN portal via the apps for booking vaccination slots.
CoWIN also has a public application programming interface (APIs) that allow any third-party application to access certain unrestricted information which can be shared with its users. This is limited only to read access in CoWIN.
“The extent of access will be limited and in case of any misuse impacting the performance of CoWIN solution will result in blocking any such application and entities as per the policies of MoHFW (Health Ministry) and taking any other appropriate action in accordance with law,” the government’s API Setu website says.