Security hole in eHealth
Ethical hacker Pavol Lupták and his Nethemba company have found a security hole in the eHealth app. He was able to download a list of 390,000 people tested for Covid-19 with their names, addresses and mobile phone numbers (as well as test results). The data were not secured and encrypted in any way and were not protected against automated downloads. Nethemba informed the government on September 13 and the issue has been fixed. The information system was developed inhouse by NCZI, which runs eHealth. NCZI admitted the hole but is not aware of any security breach.