Have You Done This?

As the Covid vaccine becomes more readily available around the country so do the social media posts celebrating the new vaccine. I've lost track of how many vaccine cards I've seen across social media. While selfies are encouraged as a way to express joy at being vaccinated and broadcast that people are doing their part to help stop the spread of Covid-19, multiple government agencies have warned about the risks of posting vaccine card images online. "Identity theft works like a puzzle, made up of pieces of personal information. You don't want to give identity thieves the pieces they need to finish the picture," the Federal Trade Commission said in a blog post last month. "Once identity thieves have the pieces they need, they can use the information to open new accounts in your name, claim your tax refund for themselves, and engage in other identity theft." Cybersecurity experts said they're not aware of any widespread hacks or scams specific to vaccine cards though the roots of identity theft are hard to uncover. Some have also said these security threats would be easy to execute. For now, it's mostly "speculation but plausible," according to Mark Ostrowski, head of engineering at cybersecurity company Check Point Software. "We will have hundreds of millions of people getting vaccinated. If cyberattack history repeats itself, these threat actors or scammers will try to find a way to take advantage of this situation." At the same time, there have been a number of Covid-19 scams, ranging from people pretending to be Covid-19 contact tracers to fake websites promising vaccine appointments. Many of us may be desensitized to the risks given how much information we assume is already available online about us, either because we posted it ourselves, it's been harvested from public data, or because it was dumped as part of a previous security breach. Posting an unedited vaccination card, unfortunately, makes it much easier for a criminal to target a specific person. In some cases, a person's medical record number is listed on the card. To gain access to sensitive medical records over the phone, having the medical record number, last name, and date of birth all of which are listed on the vaccination card are all that is needed to authenticate as that individual and gain access to sensitive details.

A cybercriminal could attempt to impersonate you and call your healthcare company to learn about your medical history or diagnoses, cancel upcoming procedures, change prescription doses, and more.

With or without the medical record number, vaccine cards could also allow a hacker to conduct a phishing scheme to steal data and passwords. With the lot number of the vaccine you received or the location of the place where you got the shot, they'd be able to spoof the email address of that facility with a message about, for example, a recall urging you to click a link, supposedly to reschedule an updated dose but really intended to take information from you.

This doesn't mean you should ignore any email you get about your vaccine, but it is a good reminder to be thoughtful about links you click with any email about any subject and to make sure the sender is who they say they are. People who are in the public eye more, whether they're influencers, celebrities, or journalists, have a higher threat of this because criminals are more likely to target them.

Individuals should be as wary of posting vaccine records information as they would be about posting their credit card numbers online. That's not to say people should curb celebrating the vaccine on social media all together. More secure options include cropping out details on a card or opting for a selfie instead. Some vaccine sites are handing out stickers, much like the ones voters receive at Election Day polls. Snapping a photo while wearing the sticker gets the same message across without the security risk.

At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP