Latest Channel 4 News:
Row over Malaysian state's coins
'Four shot at abandoned mine shaft'
Rain fails to stop Moscow wildfires
Cancer blow for identical twins
Need for Afghan progress 'signs'

More NHS security flaws

By Victoria Macdonald

Updated on 26 April 2007

Exclusive: after yesterday's revelations about security breaches on an NHS website, Channel 4 News finds yet more online NHS flaws.

For the second day in a row there has been a breach in the security on the MTAS computer system - used by 32,000 junior doctors to apply for training posts.

Channel 4 News has learned that it was possible to hack in to their personal application sites with remarkable ease.

All it took was a simple changing of a number on the URL. Personal messages and details could be found.

Initially we thought it was just MTAS applicants who have their own registration number who could do this.

Now we have learned that if an email was sent with the URL to anyone - not just an applicant - they could access the private sites without even logging in.

The details of how to hack in this were posted on a popular medical blogsite - the blogger then informed the health department late this afternoon and this serious flaw appeared to have been immediately fixed.


But just after five - the entire MTAS system was pulled down - it says here for planned essential maintenance - coincidentally just an hour after this latest breach was revealed.

And yesterday there was this - the personal details of medical students applying for foundation course posts open to anyone.

Home telephone numbers, their applications, even their sexual orientation, which as it happens should have been kept separate from their names as it is only needed for ensuring the employers are complying with equal rights legislation.

We believed the MTAS data breach happened over a number of hours. This was also what the health department said. We now know it happened on Monday and was not remedied until we told them yesterday afternoon.

Today, Ministers described this revelation as a malicious leak. The Information Commissioner's Office - the guardian of data protection - has now asked the health department for an explanation and said it was concerned such personal information had been publicly available.

Yet the health secretary Patricia Hewitt had also been warned about another security breach on 5 March by the British Orthopaedic Trainees Association.

"We have also had concerns about the security of the site with shortlisters reporting they could access deanery data and applications they had nothing to do with."

What's more we have learned that not only could people read the data base, but they could even make personal changes to it.

All this does raise serious data protection issues. And this morning, Mps questioned the head of the NHS IT system, Richard Granger about Connecting for Health - which will hold patient records.

But we have can tell you is that there has already been a data protection breach on Richard Granger's Connecting for Health system.

In February, a number of doctors attended a conference hosted by Connecting for Health.

For some reason their telephone numbers, their home addresses, their email addresses, their mobile numbers were put up on a connecting for health website.

A complaint was made. It took about two weeks to take them down but we've now discovered that they still exist on google.

Experts say this site could easily be locked. One doctor said she was shocked the details were still there.

Less than an hour ago, the health department finally admitted it had suspended the MTAS website not for 'planned maintenance work' - although that's what it still says on the system but because they were investigating our latest revelations.

Send this article by email

Watch the Latest Channel 4 News

Watch Channel 4 News when you want

Latest Health news

7-day catch-up


Watch Channel 4 News when you want to, from the last week.

Sign up to Snowmail

The day's news from Jon Snow and the team direct to your inbox.

Week in pictures

credit: Reuters

A selection of the best pictures from around the world.

Most watched


Find out which reports and videos are getting people clicking online.

Channel 4 © 2010. Channel 4 is not responsible for the content of external websites.