India's CoWIN vaccine portal completely safe: Health Ministry

“All steps have been taken and are being taken to ensure security of the data in the CoWIN portal”, the Health Ministry stated.

News

Dubbing the alleged data breach of Covid-19 vaccine beneficiaries as “mischievous in nature”, the Indian Union Ministry of Health and Family Welfare (MoHFW), on Monday, said that the CoWIN portal of health ministry is completely safe with adequate safeguards for data privacy.

The Health Ministry said that the reports of data breach of beneficiaries who received COVID vaccination are “mischievous in nature and without any basis”.

The Ministry also requested the Indian Computer Emergency Response Team (CERT-In) to look into this issue and submit a report, besides initiating an internal exercise to review the existing security measures of CoWIN.

“CERT-In, in its initial report, has pointed out that back-end database for the Telegram bot was not directly accessing the APIs of CoWIN database,” the Ministry said in the statement.

A Malayalam news website, The Fourth, was the first one to report about the breach and said that the data leak was enabled through an automated account on the messaging application Telegram.

As per the media reports, the account, technically a bot, was able to pull individual data by simply passing the mobile number or Aadhaar number of a beneficiary. The data included sensitive personal information such the name, date of birth, identity document type and number, and location of last vaccination linked with a mobile phone number sent to it. The Telegram bot, which was offered by an unknown developer, was pulled down post the news reports.

“It does not appear that CoWIN app or database has been directly breached,” said Rajeev Chandrasekhar, Union Minister of State for Electronics, and Information Technology via his twitter handle. He further clarified that the data being accessed by the bot from a threat actor database seems to have been populated with previously breached/stolen data. The database, he said, was other than CoWIN.

Restating that the portal is safe, the Ministry said more security measures are in place on it with Web Application Firewall, Anti-DDoS, SSL/TLS, regular vulnerability assessment, Identity & Access Management etc.

According to the Health Ministry, access to Co-WIN data is only possible via OTP authentication and at three levels—beneficiary dashboard, authorised user and API based access. The MOHFW clarified that a Telegram bot cannot share any Co-WIN data without the individual's OTP and that it cannot capture their address.

“Without OTP, vaccinated beneficiaries’ data cannot be shared to any BOT. Only Year of Birth is captured for adult vaccination but it seems that on media posts it has been claimed that BOT also mentioned date of birth (DOB). There is no provision to capture address of beneficiary”, said the Ministry.

The Government also assured that there are no public application programming interfaces (API)s that can pull data from the vaccination platform without an OTP.

“There are some APIs which have been shared with third parties such as ICMR for sharing data. It is reported that one such API has a feature of sharing the data by calling using just a mobile number of Aadhaar. However, even this API is very specific and the requests are only accepted from a trusted API which has been white-listed by the Co-WIN application”, the government added.

CoWIN was developed and is owned and managed by the Health Ministry. An Empowered Group on Vaccine Administration (EGVAC) was formed for steering the development of CoWIN and for deciding on policy issues.

“All steps have been taken and are being taken to ensure security of the data in the CoWIN portal”, the Health Ministry stated.

However, this is not the first time that such a leak has been reported. In June 2021, a hacker group named ‘Dark Leak Market’ claimed that it had a database of about 15 crore Indians who registered themselves on the CoWIN portal. Health authorities had rubbished the claims then.

Such incidents bring in the light the need for robust data-protection laws in India. It serves as a reminder to provide legal provisions and guidelines to uphold such sensitive information, and to deal with those who jeopardise such sensitive data via hacking, identity thefts and so on.

India's CoWIN vaccine portal completely safe: Health Ministry

“All steps have been taken and are being taken to ensure security of the data in the CoWIN portal”, the Health Ministry stated.

Novo Nordisk Issues Voluntary U.S. Recall of Wegovy Weight-Loss Injections

India’s Pharmaceutical Market Poised for Steady Growth in 2026 After Strong 2025 Performance

Sun Pharma Pushes Back on $10 Billion Organon Acquisition Rumours, Labels Reports “Speculative”

Antibiotics in Focus as India Intensifies Battle Against AMR

Max Healthcare partners with The Learning Lab for advance healthcare capacity building, research

India home to world's second largest diabetes population in 2024: Study

Weight-Loss Drugs May Reduce Nutrient Intake: Experts Warn on What Users Should Do Next

Health Ministry Considers Deadline Extension for Pharma Firms to Meet Stricter GMP Standards

Novo Nordisk's US public affairs head leaves company, memo shows

Study links weaker internal body clock with higher dementia risk

Torrent Group Commits Rs 750 Crore to Develop 500-Plus Bed Multispecialty Hospital in Ahmedabad

Practo Accelerates Global Reach with Major Entry into the US Healthcare Market

Emcure Pharma Signs Pact to Distribute Roche’s Nephrology and Transplant Drugs in India

Sun Pharma Appoints Deepa Misra as Head of HR for India Business & Consumer Healthcare

GSK Pharma India Appoints Ronojit Biswas as New CFO in Strategic Leadership Move

Global Mind Health Findings 2025: Screen Time and Online Behaviour Shape India’s Wellbeing Scores

National Arogya Fair 2026 Opens in Maharashtra as President Underscores Global Rise of Traditional and Integrative Medicine

Akums Secures EU GMP Milestone for Haridwar Plants, Setting Stage for Global Growth