[ISN] Thousands of doctors' details put on web

From: InfoSec News (alerts@private)
Date: Thu Dec 20 2007 - 23:18:22 PST


By Rebecca Smith
Medical Editor

Computer security failures that allowed sensitive personal details of 
junior doctors applying for training posts to be viewed by others were 
an "unacceptable breach of security" by the Department of Health, the 
Information Commissioner has found.

The sensitive details of thousands of doctors, including religious 
beliefs and sexual orientation, could be seen by anyone logging on to 
the Medical Training Application Service site.

The commissioner said the Department of Health had breached the Data 
Protection Act and warned that if it happened again the department would 
be prosecuted.

The findings increase pressure on ministers over the handling of 
sensitive personal data and follows a series of security blunders.

Yesterday officials were forced to admit that the pension details of 
6,500 people had been lost by HM Revenue Customs - the same department 
that lost two discs in the post containing the child benefit records of 
25?million people.

Officials at the Department of Health were ordered yesterday to encrypt 
any personal data and test the systems regularly.

The national online computer system will not be used in next year's 
recruitment process following the fiasco this year. A local CV and 
paper-based application process will be used instead.

The security breaches were part of the reason why the whole process 
collapsed in chaos in May this year.

Ram Moorthy, chairman of the British Medical Association's Junior 
Doctors Committee, said: "This was a scandal that must never be 

Visit InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Dec 20 2007 - 23:29:06 PST