The Karnataka Medical Council website is not a secure connection. Should I be worried?

Hi!

I am a doctor with primary registration with the Karnataka Medical Council (KMC). During the process of registration, a long list of documents were to be uploaded to the website which include Aadhar card, 10th std marks card, provisional registration, provisional degree certificate, university exams marks cards etc. We were also required to complete biometric verification where all ten fingerprints were taken along with our photograph.

Most of this information is available on the website after logging into my account using the user id and password given.

I required a No Objection Certificate from the council recently for some paperwork, therefore I logged in to my account to fill a form and make the required payment. During this process, I noticed that the connection is not secure (I used the Safari browser) and clicking anywhere would open a random webpage (like a misleading advertisement) each time before directing me to the page I wanted to open. I had to keep closing many unrelated pop-ups. This made me wonder how secure the website is in the first place because it contains a huge amount of information about all the registered doctors in the state of Karnataka.

According to the website, it is managed by ‘V Works Software Pvt Ltd’ -

V Works Software Pvt ltd is Karnataka medical council approved agency (As per the KMC Online CME eligibility criteria) under medical code of ethics -2002 constituted by Government of India in consultation with Medical council of India.

V Works software Pvt Ltd is a single company in India comes with more than half dozen State medical councils process automation expatriation from past 6 years. We are authorized to video shoot KMC/KSNC/KSDC/KAUPB approved speaker session, place in website make practitioner to purchase the video at kmc approved cost, monitoring the test taking process and allocating credit points to doctors.

I was wondering if someone here could let me know if I’m getting alarmed unnecessarily or is it a legitimate cause for concern. If yes, how do we make sure that this sensitive information doesn’t get stolen/ misused?

Looking forward to hearing from y’all!

http://www.karnatakamedicalcouncil.com/News.aspx

3 Likes

Hi.

Thanks for pointing this out! We have emailed the Additional Chief Secretary to the Department of Electronics, Information Technology and Biotechnology, Science and Technology, Karnataka regarding this highlighting the issues you pointed us.

As soon as we receive a response, we will let you know.

6 Likes

Hi Rohin,

Thank you for taking action. I hope they reply!

2 Likes

Hey @treehugger29,
Generally speaking do not install any plugins/extensions that are prompted to you while browsing, it is often a malware. I highly recommend you to reset your browser.

Are all HTTP websites insecure?
The answer is, it depends.

If you are just browsing the web, looking at cat memes or casually browsing around , HTTP is fine.

However, if you’re logging into your bank or entering credit card information in a payment page, it’s imperative that URL is HTTPS. Otherwise, your sensitive data is at risk.

You can read more at link below :link:https://www.securitymetrics.com/blog/are-http-websites-insecure

Yeah I agree, HTTP is a plain text protocol
so snooping/ MITM is possible and very easy for anyone to get any information (also including your ISP, DNS, all those and all)

Entering sensitive information, where HTTP(S) is essential