The Register® — Biting the hand that feeds IT

Info chief prescribes shock therapy for health dept

Scathing judgement on junior doc debacle

The Information Commissioner’s Office has slated the Department of Health over a data protection debacle that saw doctors’ intimate personal details plastered over the web.

The security breach on the Medical Training Application Service (MTAS) website, which the ICO became aware of in May, meant junior doctors’ personal data, down to their religious beliefs and sexual orientation, could be accessed by visitors to the site.

In a humiliating move the DoH will have to sign a formal undertaking “to comply with the principles of the data protection Act.” Failure to comply will mean further enforcement action, including prosecutions, said the ICO.

Given that, as of next year, the government is prepared to back prison terms for officials who screw up on protecting personal data, the DoH had better get its act together. It's unlikely to inspire patients' confidence in the NHS' various other IT wheezes.

On a more mundane level, the DoH has been told to encrypt any personal data on its website “which could cause distress to individuals if disclosed.” It must also carry out regular penetration and vulnerability testing on developing apps, and staff must be trained on the Data Protection Act.

The security breach was just one element of the debacle surrounding the online application scheme, which threw the whole UK junior doctor community into chaos. The online system was supposed to match applicants to training places, but was deemed a woeful failure, in large part because it required everyone to apply for places at the same time. As the closing date drew near the system ground to a halt – and not just because all and sundry were able to ogle the more intimate details of junior doctors’ lives.

Former DoH boss Patricia Hewitt finally switched off the life support for the system in May. A revamped system should be in place for 2009.®

Latest Comments
Anonymous Coward

Information

Working at the coalface in the NHS, try getting access to the information you actually need to do your job.

Empires are being built on the basis of "I know and I'm not telling you."

I had to threaten the head of our Records department with arrest for her refusal to supply statutorily required information in order to register a death of a patient. It wasn't till a cop appeared that the information was supplied. The bitch was due for arrest until the information was disclosed. The public prosecutor had to have a word with them.

Apparently data is power.

Testing developing apps

"penetration and vulnerability testing on developing apps" hahaha

This was never piloted. The pilot was 30 000 trying to log on at once. There were never any nodes available to service any requests and it was clearly designed by people who are incompetent with regards to security.

It wasn't the DoH, it was subcontracted out to Methods Consulting. I am reliably informed that the guy who wrote the whole thing is a very nice person and was very upset by the whole affair. Well that makes it alright then. I am surprised they are not mentioned by name.

Someone should have lost their job over this. Instead they just have to promise to behave next time.

COI: One of those affected by this tragic system

re Fraser:

Fraser, I don't think the approach is perfect, but (hopefully) the ICO coming in and giving the NHS a good telling off will cause a cultural shift and force them to take more care about personal data and improve things for the next time. (This is probably very optimistic but that is what the ICO is attempting).

What would the point of fines be? For a company it has a (kind of) direct impact on the shareholders who then pressurise the company into performing better (assuming the fines are more than a tiny blip on the balance sheet). In the company's case therefore the fine has a purpose.

For a tax payer funded organisation what is the point of a fine? All it does is give a big monetary figure of how bad the NHS has been and ultimately result in less tax payers' money being spent on what the NHS is meant to be spending its money on. The actual fine will probably end up back in the Treasury's bank account and will probably be instead spent on consultants or some other waste of tax payers' money. I doubt neither the ICO or NHS will get the money back. So the net result of a fine would be to punish the tax payer and waste their money.
