The Generalitat Health Department has opened an internal investigation after detecting “specific cases” of password theft to access La Meva Salut, the public application that allows you to consult your medical history, make an appointment and request prescriptions.
The passwords would have been used, precisely, to modify the contact details of certain users and request an online appointment with the family doctor to request a medication prescription. Concretely, the Generalitat detected nine cases between June and October. From then on, it began a “proactive identification” process which resulted in the discovery of around a hundred additional thefts.
The Department has notified the situation to the Catalan Data Protection Authority and contacted the affected users. Likewise, it works on strengthening the security of the application.
The first of the changes will be the requirement for double authentication: in addition to the password, users will have to enter a code which will be sent to them by SMS.
Likewise, it will be necessary to increase the complexity of passwords, which implies that they contain a minimum of 8 characters and, at least, a lowercase letter, an uppercase letter, a number and a special character.