KUALA LUMPUR, Feb 16 – The Health Ministry (MoH) has been advised to conduct an assessment of the security levels of the MySejahtera and MyVAS applications as a whole and make security enhancements to their respective systems and data.
According to the Auditor General’s Report for the Year 2021 Series 2 released today, this is to overcome weaknesses in user account management for administrative and data matters as well as data security that can invite the risk of account abuse and for data reliability to be questioned.
The report stated that one Super Admin account had downloaded the private information of three million vaccine recipients from the MySejahtera application by using various internet protocol addresses.
“MoH must ensure the management of MySejahtera dan MyVAS user accounts be implemented according to the ministry’s information and communications (ICT) security policies.
“MoH must conduct data housekeeping to ensure data is always available, complete and reliable,” according to the report.
Other weakness listed in the report was how 3.89 million records were uploaded more than a day after individuals were vaccinated, 1.12 million cyber-attack attempts on MySejahtera from Oct 27, 2021 and 28,735 vaccination records showing individuals receiving the vaccine after the vaccination centres had been closed.
It also stated how 1,657 individuals have more than one MySJ ID while 1,543 individuals have between two to seven accounts involving 3,108 active MySJ IDs with their identity verified and having received vaccines.
“Agencies need to refer to the Finance Ministry for urgent and immediate procurement or payment to avoid any violation of regulations in force,” the report read.
