Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
Editorials & Other Articles
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
NHS Covid jab booking site leaks people's vaccine status
NHS Digital is revising its process for booking Covid vaccinations in England after the discovery of a “seriously shocking failure” that leaked medical data from the site.
The website lets users make appointments using their NHS number or, if they do not have it to hand, some basic identity information. But in the process, users’ vaccination status is disclosed, allowing anyone who possesses basic personal details of a friend, colleague or stranger to find out what should be confidential medical information.
...
The problem comes because of the different responses the vaccination website gives to users based on their vaccination status. For users who have not had any jabs, entering personal details takes them straight through to a standard screening page, while for users who have had their first shot and booked their second, they are presented with a screen asking for their booking reference to continue.
But for those people who have received both vaccinations, simply entering the basic biographical information takes them straight to a page that says “you have had both of your appointments”. Worst of all, for those users who have had only one jab through a GP and have not booked a second, the screen lets them book their follow-up then and there, without any further verification.
https://www.theguardian.com/world/2021/may/06/nhs-covid-jab-booking-site-leaks-peoples-vaccine-status
The website lets users make appointments using their NHS number or, if they do not have it to hand, some basic identity information. But in the process, users’ vaccination status is disclosed, allowing anyone who possesses basic personal details of a friend, colleague or stranger to find out what should be confidential medical information.
...
The problem comes because of the different responses the vaccination website gives to users based on their vaccination status. For users who have not had any jabs, entering personal details takes them straight through to a standard screening page, while for users who have had their first shot and booked their second, they are presented with a screen asking for their booking reference to continue.
But for those people who have received both vaccinations, simply entering the basic biographical information takes them straight to a page that says “you have had both of your appointments”. Worst of all, for those users who have had only one jab through a GP and have not booked a second, the screen lets them book their follow-up then and there, without any further verification.
https://www.theguardian.com/world/2021/may/06/nhs-covid-jab-booking-site-leaks-peoples-vaccine-status
All it takes are first name, last name, date of birth and postcode. What a screw-up.
1 replies
= new reply since forum marked as read
= new reply since forum marked as read
