With the ongoing distribution of COVID vaccines across the globe and the broader U.S. economy preparing to reopen, the question of international travel has become a topic of debate. Managing a safe return to travel has been top of mind for many, and as a result, apps that aim to verify travelers’ vaccination status are quickly rolling out—and have already been adopted by some airlines.

These apps, coined “vaccination passports,” refer to mobile apps used to confirm whether or not someone has received the COVID-19 vaccine. While White House officials have already stated there will be no federal mandate enforcing the use of vaccination passports, many private companies and state-run initiatives have emerged offering hundreds of vaccine apps for people to use.

While some think vaccine apps could be the key to lifting travel restrictions, challenges have arisen regarding data privacy and security implications. We surveyed 3,000 Americans to learn more about how they feel about vaccine passport apps and what they mean for the security of their data.

vaccine-app-data-privacy-concern

56% Don’t Trust Passport Apps with Their Health Data

We first asked participants if they would be comfortable with the security of their health data if it were required to be used to obtain a COVID vaccine passport. 55.9% of respondents reported they would not be comfortable with their data security, while 44.1% said they would.

covid-vaccine-passport-chart

While some people aren’t concerned about the security of their data, the majority of people are. Questions about the type of information digital vaccine passports would collect are important to examine, especially considering the major uptick in cyberattacks that came about amid the pandemic—we saw ransomware groups increasingly targeting medical billing companies, COVID relief organizations, pharmaceutical companies and government institutions in April of 2020.

More importantly, when it comes to your personal information, medical records are some of the most private personal records you have. Based on our survey results, we can clearly see the hesitancy many Americans have to make those records accessible to private companies, airlines and other corporations.

Where Should Vaccine Passports be Required?

While COVID vaccine apps were originally introduced to support a safe return to travel, similar programs have emerged to facilitate access to general activities and locations such as restaurants, stores and workplaces.

To understand the public opinion on this, our survey also asked respondents to select which places they believe a COVID vaccine passport should be required to attend, from sporting venues to doctors’ offices. Here were the results:

covid-vaccine-passport-attending-event-chart

While sports and entertainment venues came out on top for where Americans believe a vaccine app should be required, the majority of respondents (58.5%) indicated that it shouldn’t be required for any of the listed locations.

There are a variety of reasons that may explain the pushback against requiring vaccine apps in order to access general public locations and events. However, we can assume a large reason is due to the fact that people would prefer not to hand over their personal health records to entities such as their employers or store owners.

This is understandable, since the security implications of this are significant. For example, consider the fact that 33,000 unemployment applicants were exposed to a data security breach from the Pandemic Unemployment Assistance program in May of 2020. Additionally, Google reported blocking 18 million daily malware and phishing emails related to Coronavirus in April 2020. Times of crisis are an attractive opportunity for cybercriminals to exploit, and data clearly shows that the landscape for cybersecurity attacks has widened considerably amid COVID-19.

Tips for Keeping Your Vaccine Records Safe

Protected health information is some of the most sensitive and private data individuals have—and it makes an attractive target to criminals looking to exploit it. Here are some guidelines to follow to ensure you keep your COVID vaccination records safe.

Secure Your Vaccination Card

For now, the only COVID vaccination proof available is the physical card you received when you were vaccinated. The card contains information about what type of vaccine you received, as well as when and where you were vaccinated. In order to keep your card secure, designate a safe storage area in your home. It’s also a good idea to keep all your COVID-related tests, vaccines and screenings together in one place for easy reference.

Don’t Laminate Your Vaccination Card

Since the official vaccination card is only a piece of paper, it may seem like a good idea to laminate it. But this should be avoided—the laminated coating will prevent you from adding additional information on your vaccine card in the future. If you’re looking to protect your card in a similar way, use a plastic sleeve.

Know Where to Get a Copy

If you misplace your vaccine card, you can contact the place you received your vaccination and ask for a replacement. In some cases, it might be possible to request a copy from your state’s Immunization Information System. To avoid having to do this, consider making a copy of your vaccine card yourself before you run into this situation.

While much of the country is understandably eager to return to social activities and travel, it’s important to consider the security implications of deploying a new technology involving sensitive and private health data. Based on our survey, it’s clear that many Americans are doing just that, which isn’t surprising given the major impact COVID-19 has had on the current state of cybersecurity.

As we collectively navigate the uncertainties of returning to our pre-pandemic lives, it’s important to remember that threats to data security still exist. If you’re looking for ways to protect your online security at home, implementing a cross-platform antivirus program that covers all of your devices is a good place to start.

Methodology

This study was conducted for Panda Security using Google Surveys and interpreted by Siege Media. The sample consisted of no less than 1,500 completed responses per question. Post-stratification weighting has been applied to ensure an accurate and reliable representation of the total population. This survey was conducted in May 2021.