Security Lapse in Junior Doctor Jobs Website

Various sites (The Telegraph, BBC, Channel 4) are reporting on the data security breach that occurred yesterday, involving the sensitive personal data (including religion, sexual orientation and any criminal convictions) of around 7,000 junior doctors. The information was available in an Excel spreadsheet on a website for around 9 hours yesterday, but was removed after Channel 4 notified the Department of Health.

A Department of Health spokesperson said:

“This URL was made available to a strictly-limited number of people making checks as part of the employment process. This information was never publicly available through the NHS Medical Training Application Service website and was only accessible for only a short period of time after details of the URL were leaked. The MTAS team fixed the problem as soon as it was brought to their attention.”

The Channel 4 journalist was able to access the details once he had been tipped off by a doctor concerned by security on the site, so the point about the information not being “publicly available through the NHS [MTAS] website” seems to be an attempt at spin; however the quote does seem to suggest that the MTAS team was adopting a policy of security through obscurity.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: