A story like this is worth nothing without a link to support it.

I believe the real way to leak confidential info is to mail it 2nd Class, leave it on the back seat of a car in a dodgy neighbourhood, or dump it on a roundabout in a middle-class suburb.

These crims have so much to learn...

... before pulling Dodgy Tricks and Dirty Deeds done Dirt Cheap .... .but invariably always at everyone's Great Expense.

"‘Cybercrims dump swag on open botnet server’" ...... Gives a whole new meaning to the word, Transparency. Shame that you didn't/couldn't provide a link, El Reg, although there's bound to be a store/mirror of it somewhere for it to resurface.

Nowadays, it is as well to consider/realise that there is no privacy, and to expect it is delusional bordering on madness.

Certainly sharing anything you know, will allow anyone who can see Benefit in IT, to help you and thus does IT Grow. Secrecy only halts Progress, it doesn't AId IT at All.

So there was this mysterious server that got found.

How exactly? Where was it? Was it found physically (somebody stumbled accross it during inventory control) or on the Internets? Why was "code inspection technology" needed or useful if the data was left "in plain sight"? We demand to be told!

For the same reason the government has been pushing through this NHS database system, is exactly the same reason that the NHS is now a target.

It is tantamount to using the Red Cross for military operations. Medical systems were often thought of as no go areas for crackers, now they are the focus, and that has created quite a leap for the NHS IT support system - they will have seen very little cracker activity and then suddenly seen it spike high (if they even bother monitoring).

Enough concern has been expressed over the keeping of medical data on digital systems connected in anyway to the Net, that whoever is ultimately responsible for this storage is now guilty of gross misconduct, and a party to identification theft. I would go so far as to say anyone involved in the development, deployment and operation of the NHS database system are also guilty, but unfortunately only a few heads tend to roll even when the incompetence is en masse.

The sooner we replace medical resources with robotics the better. Time to drop the redundant human element altogether from doctoring. There is no reason whatsoever to keep medical data on most people, the urge to keep data is a human one of simple noseyness and control.

The BBC have reported this story a couple of days ago, so there is little doubt this is not a legitimate story.

The story would lead one to believe that the server was tracked back from a bot / trojan.

Despite the data being stored plain text on the server it doesn't mean it would be easy to find amongst the vast ocean of junk that exists on the internet.

http://www.finjan.com/Pressrelease.aspx?id=1868&PressLan=1819&lan=3

My other half works as a community nurse somewhere in the south east...., she has her own PC at home and is reasonably PC literate.

At her workplace chaos reigns:

Upgrades which take months to install, non-existent training, IT staff who don't appear to have a clue (but are very quick off the mark to place the blame elsewhere), Servers which, in the rare occasion are actually on-line, go off-line after a couple of hours, user profiles disappearing, staff holidays(??), constant glitches which render the users ability to enter data commonplace, it's been going on for many months - and this is the crew that is going to secure our personal data?

@Anonymous Coward

"For the same reason the government has been pushing through this NHS database system, is exactly the same reason that the NHS is now a target."

Here we go again, a dramatic leap of faith made off the back of a story concerning a system which contained medical data purloined from some place. Who says it came from the NHS? What exactly has this story got to do with NPfIT or 'the NHS database' as you put it?

Well, nothing at all as it happens. The data could have come from any medical system anywhere in the world potentially. It might even have come from a doctors home computer - somehow compromised - which they were using to update patient records. There you go, my own equally stupid 'leap of faith' with absolutely no basis in fact.

A bit like your comment really...