DoH's latest d'oh!
Puts private doctor details on the web
Posted in Public Sector, 26th April 2007 15:09 GMT
Understand how application security is evolving
The Department of Health (DoH) has apologised for its latest IT blunder - publishing private details of applicants for junior doctor posts on an unsecured website.
The Medical Training Applications Service (MTAS) is the computerised HR system for students and junior doctors. But applicants for the foundation course - the first year of medical training - found their personal details, names, addresses, and even sexual orientation and criminal records were revealed.
The statement from the DoH said: "We apologise to any applicants whose details have been improperly accessed. This is a very serious matter and is under investigation.
"This URL was made available to a strictly limited number of people making checks as part of the employment process. This information was never publicly available through the MTAS website and was only accessible for a short period of time after details of the URL were leaked.
"The MTAS team fixed the problem as soon as it was brought to their attention."
But according to Channel 4 News, which broke the story, health minister Patricia Hewitt was warned the site was insecure last month by the British Orthopaedic Trainees Association. ®
See what The Register's experts have to say on application security


The future of SaaS and IT infrastructure management
The Total Economic Impact of Dell's PC products and services
The best practices guide for application security
Avoiding 7 common mistakes of IT security compliance
The starter PKI program

Win a Samsung C6625!
Is your cameraphone an oxymoron?
Windows 7, Bing and security: Mr Ballmer regrets
Sign up, sign up for The Register IT security newsletter