‘It’s Not Just About What’s On That Card’ – Don’t Post Your COVID-19 Vaccination Card On Social Media, Here’s Why

You may not see the risk of sharing an Instagram or Twitter TWTR, + 4.09% selfie, vaccination card in hand, celebrating your vaccination against the new coronavirus. But identity theft experts and consumer advocates advise thinking twice before posting that information online. “Every time you post personal information about yourself, you increase your risk,” Eva Velasquez, president and CEO of the Identity Theft Resource Center, told MarketWatch. “It‘s not just about what’s on that card; it‘s about what else is about you, and with the state of data breaches in this country, you can be sure there is information about you. “

These warnings are particularly relevant as more than a dozen states plan to expand vaccine eligibility to all adults this week. As of Wednesday, about 29% of the US population had received at least one dose of the COVID-19 vaccine and 16% had been fully vaccinated, according to the Centers for Disease Control and Prevention. A good alternative to posting your card online is simply a photo of yourself showing a thumbs up, letting your friends or followers know that you received the vaccine, said Carrie Kerskie, Florida-based identity theft consultant, speaker and author. You can also post a photo of your vaccination tag. But no one else needs to see that physical card, he said. Details that may seem harmless Immunization cards issued as physical proof of immunization are not standardized, and some states and localities are issuing their own versions. But widely used CDC-designed paper vaccination cards include fields for the person’s full name; birthday date; patient number; manufacturer of the vaccine and lot number; dates of vaccination; and the healthcare professional or clinic site involved in administering the vaccine. While those details may seem harmless enough (after all, birthday information is already ubiquitous on sites like Facebook FB, + 2.18%), agencies and consumer organizations have warned that bad actors could leverage this information for purposes identity theft, especially if your account privacy settings are lax. “Social media is no place for COVID-19 vaccination cards,” the Federal Trade Commission warned in February. “Once the identity thieves have the pieces they need, they can use the information to open new accounts in their name, claim their tax refund for themselves, and participate in other identity theft.” ‘Nothing surprises me anymore’ When it comes to identity theft, “It’s about putting together the pieces of the puzzle” that is your digital identity, Kerskie said. “The more information a bad boy or identity thief has about you, the better the chances of success,” he told MarketWatch. It is true that some of the information on that card, such as its name, is already publicly available, Velásquez added. But it also contains your date of birth and possibly some health information. “It’s one of those things where, do you really want to take a chance?” she said. “I don’t want to be alarmist about it, but I also don’t think it’s as innocuous as most people think.” After all, Velasquez said, a bad actor armed with knowledge about his vaccination status, the vaccine he received, and the region where he lives could attack him with a phone or email scam that takes advantage of that small amount of information to gain his trust and confidence. “Get it separated with additional information.” “I think it’s a real concern,” he said.

media-object type-InsetPullQuote inline scope-web|mobileapps article__inset article__inset–type-InsetPullQuote article__inset–inline “>

“A bad actor could attack you with a phone or email scam that takes advantage of that small amount of information to gain your trust. ”

Or, Kerskie suggested, a bad actor could reach out claiming that the organization that administered your vaccine had a database breach and now wants to offer you free ID monitoring services, and send you a link to enter sensitive information. “This is a bit of an exaggeration, but in the world we are in today, nothing surprises me anymore,” he said. Legitimate organizations are always trying to find creative ways to validate an identity, Kerskie added, and information about when or where you received your COVID-19 vaccine could eventually become part of an identity verification question. “There are a lot of different things that could be done with it, so again why give the bad guys more ammo than they need?” she said. With multiple versions of a so-called vaccine passport now in the works, and the recent launch of New York State’s Excelsior Pass digital platform, Velasquez also urged against using vaccine passport apps or platforms whose legitimacy cannot be verified. Wait until there is more information on the legitimate landscape of vaccine passports, he said, as this is currently a “moving target” that is ripe for fraud. Scammers are selling fake vaccination cards A late January news release from the Better Business Bureau warned that sharing vaccination card photos could provide scammers with the information they need to create and sell counterfeits. “Scammers in Britain were caught selling fake vaccination cards on eBay, EBAY, + 1.67% and TikTok,” the Office said. “It is only a matter of time before similar cons hit the United States and Canada.” According to Velásquez, “that cat is out of the bag.” “We are already seeing counterfeit vaccination cards for sale on the dark web,” he said. A recent analysis by the cybersecurity company Check Point Software Technologies found examples of vaccination certificates “that are manufactured, created and printed to order, ready to be used to allow people to board airplanes, cross borders or for any relevant activity that requires have a person give proof that they have been vaccinated. ”In a screenshot published in the report, a person was selling a fake CDC vaccination card for $ 150 and said they would accept bitcoin BTCUSD, + 0.14% as payment. Accountability Act (HIPAA), the federal health care privacy law? Nicolas Terry, executive director of the Hall Center for Law and Health at Indiana University, told MarketWatch that “there is not much legal angle” related to people who post their own immunization cards online HIPAA protects protected health information, including immunization records, from disclosure by third parties. e from a covered entity, such as a doctor or hospital, Terry explained, but in this case, the disclosure is made by the patient, not the covered entity. “What it does illustrate is the well-known limitation of HIPAA in the sense that it does not apply to health information circulating in, [for example], social networks, ”he said. Still, Terry advised against publishing vaccination cards due to the “surprising amount of information” that could aid in an identity theft attempt, not to mention “the lack of sensitivity it shows regarding those who are not yet vaccinated.” While eligibility across the country is expanding, supply remains limited. “People don’t stop to think about what they’re doing,” Kerskie said. “‘Oh, I just want to share this with my friends.’ You’re not, you’re sharing it with everyone. “Don’t Miss: Don’t Laminate Your COVID Vaccination Card Before Doing These 5 Things. Also Read: Am I An Idiot For Getting The COVID-19 Vaccine If I Feel Healthy And I work from home?