Send email Copy Email Address

2021-05-07
Annabelle Theobald

Vaccination card postings carry dangers

What criminals and companies can do with sensitive health data

The joy over a Corona vaccination is great among many pandemic sufferers. More and more often, people are posting a photo of their vaccination card on social media after receiving the jab. CISPA faculty member Dr. Nico Döttling explains why this is not only a feast for counterfeiters.

Lucky is the one who has already been vaccinated and thus enjoys a higher level of health protection. But the stamp in the vaccination card also becomes more valuable with each passing day, as some restrictions are removed for those who have been vaccinated. In messenger services like Telegram, the business with fake vaccination cards is already booming. The yellow booklets go for 150 euros and more over the digital counter, as shown, for example, by the research of the ARD political magazine "Report Mainz". The German Federal Ministry of Health, therefore, warned Internet users in April not to post their vaccination cards on social networks after vaccination. "Criminals can misuse the data visible on it, such as batch number, the stamp of the practice or the signature of the doctors, for forgeries," reads a tweet from the Federal Ministry of Health (BMG).  But aiding forgers is not the only danger posed by a vaccination card posting. The sensitive health data that vaccinated people reveal by posting their vaccination cards can also be misused for other purposes.

"There are companies that specialize in collecting as much information as they can about Internet users. These are not even Google and Facebook, but hidden players who earn big money with it," explains cybersecurity expert Nico Döttling.  To do this, the companies scoured social media, among other things, and created digital profiles of people. They sold the data thus obtained to other companies, to employers or insurance companies. "Insight into health history - and that includes which vaccinations you have - can be very interesting for an insurance company, for example," explains Döttling. For example, under certain circumstances, the date of the Corona vaccination or other immunizations noted in the vaccination record could allow conclusions to be drawn about the person's state of health. Since people with previous illnesses represent a financial risk for insurers, such knowledge could - at least with private insurers - lead to refusal of admission.

"Health data should therefore be handled very, very carefully," advises Döttling. Even if photos are posted pixelated or information is made unrecognizable in some other way, it is often possible to make them visible again, he says. Here, too, the 38-year-old warns against lulling oneself into a false sense of security. It is, therefore, better to express one's joy about a vaccination in a personal conversation over the garden fence than on social media.

translated by Oliver Schedler