Actu
Will Governments Track & Trace App Keep Data Secure?
May 2020 by Colin Tankard, Managing Director of cyber security company, Digital Pathways
The government’s roll out of its Track & Trace App, currently on the Isle of Wight but soon to be across England, is a welcome tool in the fight against the Coronavirus. But, can it be trusted to keep data secure?
There has been much criticism in the past, over how medical records have been shared with others. NHS data is a highly valuable data source for organisations such as global drug companies and researchers. It is able to offer one of the most centralised public record sources of its kind.
However, there have been instances of NHS data being sold to a variety of businesses from Google, who reputedly intended to use it to develop health apps, to international drug companies.
And, this data was not always anonymous, meaning data could be traced back to an individual.
The Secretary of State for Health and Social Care, Matt Hancock, has said that the new app "has been designed with privacy and security front of mind with the highest level of privacy built in".
Says Colin Tankard, Managing Director of cyber security company, Digital Pathways, “ The very best way of keeping data safe is by ensuring that security concerns are built into the software, from the base upwards not, as has happened previously, as a bolt on to existing software.
“It is my understanding that this new App has been designed with security issues at its core and the Public, should take comfort from this.
“The fact that the App has been approved by the National Cyber Security Centre is another boost of confidence.”
Tankard continues, “Leaving the data on an individuals phone transfers its security responsibility to the user. This is fine, but often users are not so rigorous on mobile device security and rarely add any security software, such as anti virus or pop up blockers, all of which would stop phishing email attacks or rouge links, taking the user to sites where ramsomware could be downloaded. As part of this App roll out, I hope users are strongly recommended to add such additional security to their mobile devices.
“Another concern could be that of a Sim Swap, a type of account takeover, where the fraud centres around exploiting a mobile phone operator’s ability to seamlessly port a telephone number to a new SIM.
“Attacks like these are now widespread, with cyber criminals using them not only to steal credentials and capture one-time passwords sent via SMS, but also to cause financial damage to victims. Hopefully, this new App has some form of tracking linked to the SIM, as the SIM will be the device identifier along with its IMEA number, so it could be compromised in a SIM swap.
“Security of personal data remains the responsibility of each and every one of us. With the use of sensible protective systems and robust passwords, there is no reason to believe that data collected by this new App will be compromised.”
