AG's report: MySejahtera was target of 1.12 million cyber attacks

By MAZWIN NIK ANIS and RAGANANTHINI VETHASALAM

PUTRAJAYA: There were a total of 1.12 million cyber attack attempts against the MySejahtera app, according to the Series 2 of the 2021 Auditor-General’s report.

Citing the minutes from a MySejahtera security meeting in 2022, the audit findings on the Health Ministry and National Security Council’s Management of Covid-19 Vaccine Recipient Registration and MySejahtera App revealed that cyber attack attempts began on Oct 27, 2021 using a specific IP address.

However, action was taken to beef up security including taking down the IP address used for the attacks, installing web application firewall on Nov 1, 2021 and carrying out continuous surveillance on the app.

The Health Ministry said in its response to the National Audit Department on Sept 9, 2022 that the IP address used in the cyber attack was deactivated on Oct 28, 2021 and a police report was lodged on Nov 5, 2021.

The ministry also told the Audit Department that it has studied the cause of the attack and taken actions to improve the system.

On another note, the audit report tabled in the Dewan Rakyat on Feb 16, also found that there were attempts from a “super admin” account to download information of three million vaccine recipients from Oct 28 to Oct 31, 2021, using five IP addresses.

Further audit checks on user data revealed that the account allows access to a vaccine admin of the MySejahtera app.

Access to vaccine admin paves way for the user to download all vaccination data in bulk and even enables them to destroy the data.

As a precautionary measure, the Health Ministry had cancelled the super admin account and lodged a police report on Nov 5, 2021.

The ministry in its response to the Audit Department, said the super admin account which was authorised by the Health Ministry was abused and a request to download data of three million vaccine recipients from MySejahtera was submitted.

“As soon as the matter was discovered, the account was restricted immediately,” the Health Ministry added.

It added that the matter was under police investigation.

“The security management of the MySejahtera data and application has to be strengthened to curb cyberattacks and ensure that the data of vaccine recipients are safe,” read the audit opinions.

In its overall opinion, the report found that the management of registration of Covid-19 vaccine recipients and MySejahtera application was well implemented.

×
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

MySejahtera , Cyber Attack , Auditor-General's Report , Cybersecurity

   

Report it to us.

Next In Nation
Investigation into honking incident during burial completed, say Penang cops
Giant monument for Bukit Cina soon to mark 50th anniversary of Malaysia-China ties
Khaled to make official visit to Turkiye in June
King thanks outgoing Singapore PM Lee for being Malaysia's close friend
KKB polls: Welfare of minorities, women and children among five points in Perikatan manifesto
Govt to allocate RM9.5mil to boost local cocoa production, says plantation minister
Man nabbed for murder in Johor after fight in front of restaurant
Fu Ning, world's largest traditional Chinese wooden ship to return to Melaka for 50th anniversary celebration of Malaysia-China ties
Kids influenced by porn due to easy access, says Bukit Aman CID chief
Customs seize liquor worth RM1.2mil

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.