Auditor-General’s Report: MySejahtera came under cyber attacks


Systematic review: National Audit Department staff member Eliza Suria Mohd Noor showing a copy of the Auditor-General’s Report 2021 Series 2 in Putrajaya. — AZMAN GHANI/The Star

PUTRAJAYA: Security concerns over the MySejahtera app are among the weaknesses highlighted in Series 2 of the 2021 Auditor-General’s report.

The report found that there were a total of 1.12 million cyber attack attempts on the MySejahtera app.

Citing the minutes from the MySejahtera security meeting in 2022, the audit findings on the Health Ministry and National Security Council’s Management of Covid-19 Vaccine Recipient Registration and the MySejahtera app revealed that cyber attack attempts began on Oct 27, 2021 using a specific IP address.

ALSO READ: Anwar promised there will be no cover-up, says A-G

Action was taken to beef up security, including taking down the IP address used for the attacks, installing a web application firewall on Nov 1, 2021 and carrying out continuous surveillance on the app.

The Health Ministry said in its response to the National Audit Department on Sept 9, 2022 that the IP address used in the cyber attack was deactivated on Oct 28, 2021, and a police report was lodged on Nov 5, 2021.

The ministry also told the Audit Department that it has studied the cause of the attack and taken action to improve the system.

In addition, the audit report tabled in the Dewan Rakyat yesterday discovered that from Oct 28 to Oct 31, 2021, there were attempts from a “super admin” account to download information of three million vaccine recipients using five IP addresses.

Further audit checks on user data revealed that the account allowed access to the vaccine administrator of the MySejahtera app. Access to a vaccine administrator paves the way for the user to download all vaccination data in bulk and even enables them to destroy the data.

As a precautionary measure, the Health Ministry cancelled the super admin account and lodged a police report on Nov 5, 2021.

In its response to the Audit Department, the ministry said the super admin account, which was authorised by the Health Ministry, was abused and a request to download the data of three million vaccine recipients from MySejahtera was submitted.

“As soon as the matter was discovered, the account was restricted immediately,” said the Health Ministry. It added that the matter was under police investigation.

“The security management of the MySejahtera data and application has to be strengthened to curb cyber attacks and ensure that the data of vaccine recipients is safe,” read the audit opinions.

In its overall opinion, the report found that the management of registration of Covid-19 vaccine recipients and the MySejahtera app was well implemented.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Nation

Ex-Kemaman MP elected to represent Terengganu in Senate
Woman killed in crash wanted to return home and meet her mother
Sabah passes Bill to boost rice production amid global food security concerns
Selangor hits roadblock in proposed motorsports circuit area, seeking new location
Appellate Court to deliver verdict on former ministry sec-gen and son’s graft appeals on Feb 20
Freedom of Information Bill may be tabled in 2025, says Kulasegaran
Thunderstorm warning extended to more states until 9pm on Nov 21
MB Onn Hafiz announces two-month salary incentive for Johor civil servants
Three Bills passed in state assembly as Sabah Budget 2025 sitting ends
Lorry driver fined RM16,500 for reckless driving

Others Also Read