An app used by healthcare workers in the Philippines has suffered from a data leak exposing sensitive patient data and credentials. The platform, COVID-KAYA, is widely used across the country to share data about COVID-19 cases. The application contained multiple critical flaws that left it vulnerable to data leaks or cyberattacks. Both the web access and Android app versions of COVID-KAYA allowed unauthorized users to view private data about users and patients, according to researchers at the Citizen Lab.
This may be the latest example of how the COVID-19 pandemic has created a trove of security issues for the health care sector. Threat actors have been leveraging fragility and public fears to perpetrate ransomware attacks, phishing attacks, social engineered attacks, and other potentially damaging cyberespionage.