Illinois hits snags with new COVID-19 vaccine verification system

Illinois hits snags with new COVID-19 vaccine verification system

Vax Verify, Illinois’ new resident immunization portal, contains incorrect COVID-19 vaccine records. In a state where data leaks and hacks have been too common, the potential for health information being exposed is a reasonable worry.

Illinois just launched Vax Verify, an online portal Illinoisans can use to upload and view their vaccination records, but already there are signs the system has problems.

The Illinois Department of Public Health debuted Vax Verify Aug. 11, with the intention that residents could use it to prove vaccination status at public venues.

“As more businesses, events, organizations and others require proof of vaccination, Illinois residents will be able to confirm using Vax Verify that they have been vaccinated for COVID-19,” IDPH Director Dr. Ngozi Ezike said.

But two days after the launch, CBS Chicago reported Vax Verify was listing some fully vaccinated Illinoisans as  “unvaccinated.” Several audience members contacted the TV station to report the problems.

Business Insider reporter Heather Schlitz also found the state had bad info on her.

“When I tried to access my vaccination records (I got two doses of the Moderna vaccine in Illinois), the website showed that I had only received a single dose,” she wrote.

She also noted the state portal used Experian to verify identities, but that the credit reporting agency had a history of data breaches. During 2020 in South Africa, hackers breached Experian and stole information from 24 million users and 800,000 businesses. Again, during 2021, Experian suffered another attack and leaked personal data of over 220 million Brazilians.

Illinois has a shoddy record of protecting Illinoisans’ data.

During the 2016 election, Russian hackers got into the voting records of over 500,000 Illinois residents, according to the U.S. Department of Justice. Illinois was the only state the Russians were able to penetrate.

In May 2020, Illinois brought a new system online to handle COVID-19 unemployment claims by self-employed workers, but it immediately exposed the Social Security numbers and other private information of 32,483 applicants. Identity thieves used the information to access some of the applicants’ accounts, according to lawsuits. The system was part of a $22 million no-bid contract.

Also in 2020, a ransomware attack crippled the website of Illinois Attorney General Kwame Raoul. Parts of the site are still down, and although Raoul did not pay the ransom he has spent $2.5 million fixing the issues. The attack came two months after a state audit warned Raoul of his system’s vulnerabilities.

On Aug. 5, Illinois State Police reported hackers compromised the Firearm Owner Identification Card records of over 2,000 residents.

Also in August, IDES was again the target of account hijackers, with one man complaining his account had been accessed four different times. His formal complaint stated after each hijack he changed his ID and password, meaning the thieves had made it inside IDES computers. Hundreds of Illinoisans have reported their benefits never made it into their accounts.

Cybersecurity experts have warned Illinois state lawmakers that simple, common procedures can better protect state residents’ sensitive data. Free or inexpensive software and procedures have been available for a decade, such as two-factor authentication, but the state is failing to use available safeguards.

Vax Verify may offer a convenience, but the question is whether that convenience is to vaccinated Illinoisans or to computer hackers.

Want more? Get stories like this delivered straight to your inbox.

Thank you, we'll keep you informed!