13/06/2019 11:14 AM IST

Kerala Suspends Insurance Scheme For Govt Employees After Major Security Breach

The login ID and password of the scheme’s nodal officer had been shared with all the staff of the health department, meaning that anyone could log in to access and even alter the information.

File Photo/ Getty Images

The Kerala government on Wednesday suspended its much hyped Medical Insurance Scheme for State Employees and Pensioners (MEDISEP) after a major security violation was detected on its website.

The scheme, earlier meant to launch on 1 June and then postponed, will now begin only after all the loopholes in the data collection process have been plugged, especially those which could lead to important information such as Aadhaar card details being leaked.

This is not the first time that a leak has been discovered in a major government website, but the Kerala case serves as a pointer for just how easy it is for untrained government officials to put people’s privacy and data security at risk: the login ID and password of the scheme’s nodal officer had been shared with all the staff of the health department, meaning that anyone could log in to access and even alter the information.

The Malayala Manorama first reported this news on Wednesday, adding that it was able to independently verify the complaint. The report led to outrage, and cyber experts and employees’ unions demanded that the scheme be suspended until all the concerns were addressed. The protesters pointed out the possibility of vested interests stealing vital information of government employees and pensioners and their families.

The state finance department, to which the scheme’s nodal officer belongs, said on Wednesday evening that the data would not be accessed by anyone until a solution was found.

HuffPost India has reported on large-scale data leaks in various states, especially in Andhra Pradesh, where an unsecured dashboard on a government website of a government-run medical store allowed anyone to track who bought what medicines from government-run Anna Sanjivini stores. In April, HuffPost India reported on a website that allowed anyone to geolocate people in Andhra Pradesh by caste and religion. 

Government officials associated with the scheme told HuffPost India that the nodal officer’s login credentials were shared with all the department staff to reduce the work burden of the seniors.

“The access might have been given to the staff for making the registration purpose easy. However, the whole process involves serious security breach. Without any monitoring, the data might have been misused,’’ said NK Benny, leader of the Congress-affiliated Kerala Non-Gazetted Officers Association.

The project was first postponed because the model code of conduct had come into force ahead of the election, and then delayed again from its 1 June launch date. Now questions about data security have increased the uncertainty.

“As per my knowledge, no data leakage has occurred so far. The scheme is now in its rudimentary stage. The future chances of data misuse are minimal but it must be welcomed that the government responded to the apprehensions quickly. I hope the government can bring about additional security measures to alleviate fears raised by government employees and pensioners,’’ said D Arun, a software expert based in Thiruvananthapuram.

What is MEDISEP?

According to the scheme approved by the Pinarayi Vijayan government, state government employees, part-time contingent staff, teaching and non-teaching staff in the aided sector, employees of local self-government institutions, universities, High Court and others who come under the ambit of the Kerala Government Servants Medical Attendance Rules will be covered under the scheme.

Under the scheme, which offers a three-tier cover for its beneficiaries, each family would be eligible for an annual cover of ₹2 lakh. An additional benefit amounting to a maximum of ₹6 lakh would be given to each family during the three-year period for treating serious ailments, organ transplant, etc.

If the ₹6 lakh additional cover is insufficient for a family for critical care, another component up to ₹3 lakh would be given to the family from a corpus of ₹25 crore to be constituted by the insurance company.

Reliance General Insurance Company, which had quoted the lowest annual premium of ₹2,992.48, had been selected for implementing the scheme.