AG's report: MySejahtera was target of 1.12 million cyber attacks

By MAZWIN NIK ANIS and RAGANANTHINI VETHASALAM

PUTRAJAYA: There were a total of 1.12 million cyber attack attempts against the MySejahtera app, according to the Series 2 of the 2021 Auditor-General’s report.

Citing the minutes from a MySejahtera security meeting in 2022, the audit findings on the Health Ministry and National Security Council’s Management of Covid-19 Vaccine Recipient Registration and MySejahtera App revealed that cyber attack attempts began on Oct 27, 2021 using a specific IP address.

However, action was taken to beef up security including taking down the IP address used for the attacks, installing web application firewall on Nov 1, 2021 and carrying out continuous surveillance on the app.

The Health Ministry said in its response to the National Audit Department on Sept 9, 2022 that the IP address used in the cyber attack was deactivated on Oct 28, 2021 and a police report was lodged on Nov 5, 2021.

The ministry also told the Audit Department that it has studied the cause of the attack and taken actions to improve the system.

On another note, the audit report tabled in the Dewan Rakyat on Feb 16, also found that there were attempts from a “super admin” account to download information of three million vaccine recipients from Oct 28 to Oct 31, 2021, using five IP addresses.

Further audit checks on user data revealed that the account allows access to a vaccine admin of the MySejahtera app.

Access to vaccine admin paves way for the user to download all vaccination data in bulk and even enables them to destroy the data.

As a precautionary measure, the Health Ministry had cancelled the super admin account and lodged a police report on Nov 5, 2021.

The ministry in its response to the Audit Department, said the super admin account which was authorised by the Health Ministry was abused and a request to download data of three million vaccine recipients from MySejahtera was submitted.

“As soon as the matter was discovered, the account was restricted immediately,” the Health Ministry added.

It added that the matter was under police investigation.

“The security management of the MySejahtera data and application has to be strengthened to curb cyberattacks and ensure that the data of vaccine recipients are safe,” read the audit opinions.

In its overall opinion, the report found that the management of registration of Covid-19 vaccine recipients and MySejahtera application was well implemented.

×
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

MySejahtera , Cyber Attack , Auditor-General's Report , Cybersecurity

   

Report it to us.

Next In Nation
MMEA manpower increase to be given priority, says Saifuddin
Education Ministry finetuning solutions to reduce overcrowding in 86 ‘high-density’ schools across Malaysia
Free ferry rides for 300,000 targeted to visit Northern Zone Madani Rakyat programme
'Allah' socks issue: KK Mart founder, wife to submit representation to AGC
Dengue cases up by 36% last week, four deaths reported
Man gets 30 years jail for killing friend and living with corpse for four days
KKB polls: PAS denies boycott of Perikatan candidate, says machinery hard at work on the ground
Mavcom to implement six service quality elements on queuing times in KLIA T1, T2 in May
Undocumented migrant jailed 40 years for murdering ehailing driver in Tuaran
No M'sians involved in Sg Golok blast, say cops

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.