What follows is a guest post by our technology correspondent. He’s pretty unimpressed by the NHS’s vaccine booking site, following news of various data breaches that have hit the headlines in the past 24 hours. Incidentally, he’s right about you being able to find out anyone’s vaccine status if you enter a few of their details on to the booking site. I was able to find out my sister’s status within two minutes.
The Guardian and Telegraph report that the NHS’s covid vaccine booking site has a “glitch” which reveals people’s vaccine status. That’s a big problem, as the Guardian points out, because it leaves all of us in the U.K. open to coercion, bullying and scams whether you have had the vaccine or not.
It is also not a “glitch” as the Telegraph describes it. The Guardian is closer with “seriously shocking failure”. To be clear, this is not an unintended bug introduced by a hapless programmer that occurs in obscure situations. It is a design flaw that shows the people responsible for your most private data do not understand the absolute basics of online privacy and security.
So, what is the problem? Essentially, if you know a little bit about a person: their name, date of birth and postcode, when if you enter that into the site it takes you to one of three different screens depending on whether you have had zero, one or two jabs. If you see a test centre finder, the person has had no jabs. If you see a request for a reference number, they have had one jab. If you see a screen saying you have had both of your appointments, then they have had two jabs. So, there you have it, the entire nation’s vaccine status available to anyone who cares to do a bit of online digging. I just tried it for some people I know, and I now know their vaccine status. There is no attempt to check that you are who you say you are. Not even the most basic authentication. It is a completely open database of the entire nation’s vaccine status. Even worse, it is still online now, more than 24 hours after the scandal broke in the press and the NHS being contacted by the regulator.
To recap, this is extremely private data, about every person in the UK, and it is openly available to everyone in the world. The site has not been taken down, even temporarily. It is equivalent to the Government providing a website that tells you if someone is overdrawn at their bank or not. But this is arguably more private than that data. This is why privacy is so important. This is why we should be so reluctant to give our data to people who cannot look after it, such as NHS Digital. The riposte of “if you haven’t done anything wrong then you have nothing to fear” doesn’t work. None of us have done anything wrong, but because NHS Digital has screwed up, we are all now vulnerable to scammers, fraudster and criminals, and there is nothing we can do about it.
The response from NHS Digital is as shocking as their ignorance of online security: “people should not be fraudulently using the service”. Is that a joke? Is that what passes for security, asking fraudsters not to access the site? The NDG – National Data Guardian for Health and Social Care – is not much better and apparently toothless: “The NDG has contacted the organisations which run the website to ensure that they are aware of the concerns that have been raised and will discuss with them the twin important aims of protecting confidentiality whilst maintaining easy access to vaccinations for the public.”
Ensure they are aware of concerns? They should be demanding that the site is immediately taken down and prosecuting NHS Digital management. This is a disgrace and a national embarrassment. Serious action needs to be taken immediately.
To join in with the discussion please make a donation to The Daily Sceptic.
Profanity and abuse will be removed and may lead to a permanent ban.
You just love to see it.
This type of project is at least an order of magnitude simpler than the proposed digital spider web to tie the jabs into everything.
Vaccine passports. What could possibly go wrong?
My theory of government. If you want a contract doing, add at least two zeroes compared to the private sector.
Said project won’t work and will become a financial black hole.
And a security disaster.
And whoever is running it will always fail upwards into the next disastrous project.
You can’t make this shit up.
I imagine they would just buy China’s system of the shelf
Who needs a passport when anyone can look up your status on-line.
More likely it’s deliberately been set up that way.
To make it easier for so called ‘fact checkers’ and other woke presstitutes to identify the gene therapy refusers, in particular ‘celebrities’, and then to go on naming, shaming and cancelling them.
Just another thing copied by Boris&co from Honecker&co.
crossed my mind too. easy way of shaming people
Sorry, I just wrote something very similar. I think it’s to help isolate those of us who don’t want the jab. Also, when the consider that the impending ‘passport’ will expose all our medical background, the government already want rid of our medical privacy.
Certainly it’s wisest to only give out one’s date of birth the minimum amount of times possible – yep I’ve long had a wrong DOB given on my Facebook page.
My comment (composed before reading yours):
“leaves all of us in the U.K. open to coercion, bullying” / “do not understand the absolute basics of online privacy and security” – Has someone failed to join the dots?
My comment just entered to reflected that. I have already been subjected to frankly unpleasant words and behaviour from people in the once close knit village I live in because I have not had the injection. This from both the older generation and my own age group in the 50’s. I suspect I and my family will no longer be invited to join in village socials. (Not that I am bothered as it has made me realise I don’t want to mix with people like that). But I can very clearly see where this is going for me and others like me that refuse the injection.
Incidentally I wrote to my MP a couple of weeks ago asking what would happen under covid passport regs for those of us not vaccinated, as surely they must be considering what to do with the”other” as part of the plans. He has not as yet replied.
I just want the State out of my life. And just like all State monoliths, the NHS is hugely inefficient and costly to run. This was bound to happen. Or has it been done on purpose?
Well this just serves the cause of sceptics, so don’t get angry. It undermines trust in these insidious institutions.
Well, the real problem is not the poor execution of the site, it is that it exists at all.
The NHS is a disgrace. It is the most dangerous organisation I have ever had the misfortune to encounter. Something like 1.4 million people are employed by the it. That works out as 1 in 48 people. So for 1000 people, 20 work in healthcare to look after them. The numbers are silly, because despite that massive unaffordable and ineffective national overhead, we get no care, poor care, error riddled care, and they don’t care. Medical expertise exists, putting people back together after trauma has improved impressively, but you have to be lucky to get the right specialist, and in a timely manner. The over reach is massive, given they can’t achieve the basics. Forget the bloody databases, and the IT department, just provide competent clinicians that people can access. Whole ghastly edifice should be broken up and managed at small hospital level.
I have so many anecdotes of terrible, sloppy, mind-blowingly ignorant and arrogant treatment I could write a small book on it. You just reminded me of a couple I’d forgotten/blocked out lol.
Ditto. Multiplied by friends, colleagues and relatives. I have lived in several countries over the years, and it was an eye opener as to the sheer awfulness we endure in the UK.
Our U.K. problem is we have put the NHS on a pedestal and called all its workers heros. After giving it deity status it’s hard to challenge it and if you are a angel working in it you don’t need to try very hard. I worked for it for 30 years until protecting my patients from the system became too much of a personal burden. I know lots of people employed by the NHS who do their very best but it is not a good system.
I salute you and applaud your efforts. My late 70s neighbour is retired old school matron, she puts many of the current crop to shame. Watching her assess and take command of a situation on behalf of her ailing friends involving gp, paramedics etc, is a joy to watch.
“We”?
That was a deliberate, communist-style propaganda campaign.
…and sometimes not even the right attitude. Picturing in my mind the arrogant doctor that belittled me for being upset at the way I was being treated by him. Errrr…hello….it’s upsetting needing medical treatment in the first place (ie because that means your own body has let you down and is being ill on you) and it’s not surprising if arrogant/careless type of treatment on top of the nuisance of being ill means one gets upset. To then compound that by telling you off…..
Women are treated particularly poorly, there is an old thread on one of the parenting websites, mumsnet I think, recounting incidents. It is an appalling and shocking endictment of medical “care” in the UK. I would be utterly ashamed if I worked for such an organisation.
And the structure is hard to understand, albeit trading under one name. And you are quite right to say that “you have to be lucky to get the right…”; I’m one of them, from a few years ago.
Tell me about it! Both my elderly/ill parents have died (elsewhere in the country) since Lockdown started. Cue for my father being in hospital for weeks at a time at one point and we all expected he would die soon – but I did not expect to put my phone back on the hook one morning (having already anticipated inefficiency on their part!!!) to find one of them had tried to ring me in the middle of the night to tell me he was dead and I then rang the hospital to find it was someone else that had died and not him. They then rang up again some days later to tell me he was dead – and, again, it was someone else and not him. You can understand why the air was blue that time – as I told them off big-time for having made 2 “he’s dead” error phonecalls to me in a matter of weeks. The 3rd (this time correct) phonecall was made to me by the nursing home he was subsequently transferred to and got made first thing in the morning (rather than in the middle of the night).
Never go into hospital if you’re ill, unless you have someone else to fight your corner for you.
Too right. Should have kept an elderly relative at home, with hindsight, with actual proper nursing care, hydration and high dose vitamins she would have stood a fighting chance. Instead she was ignored by one doctor, frightened half to death by another and seen off by neglect as they kept letting her dehydrate. Inadequate number of nursing staff on duty and wishy washy decision making. First and only time I have ever issued a public bollocking to anyone, no rude words, no aggression, no shouting, but an unarguable statement of my view of the medic’s actions and inactions, the behaviour towards the patient was inexcusable.
There should be more preventative treatments, advice on diet, exercise and any reasonable alternative therapies and treatments, not constant ,pharma, and unnecessary surgeries
does the 1 in 48 include the outsourced cleaners (well not really cleaners judging by the infections one can catch in hospital), catering, etc.
In case anybody has missed it, there’s a legal case trying to set a precedent against “no jab no job” https://www.crowdjustice.com/case/stop-coerced-vaccination
Please can people contribute to this if you can afford it.
Could it be that the lack of security is… deliberate? After all, this leaves plentiful scope for people snooping on one-another, so covidians can bully and harass those who don’t want the jab. Peer pressure is a huge thing – the government/bankers and the maniacal scientists want us all jabbed.
It was certainly my first thought that they did that deliberately. Second one being “Glad I made sure I put up the wrong birth date on my Facebook page – back when I created it in 2007”.
Only it’s not ‘extremely private data’, is it? We live in a country where it is perfectly OK for one’s line manager to say in an extremely loud voice ‘so everyone in the room has had their first jab, except…(name of colleague)’
I hope the colleague concerned took them severely to task for that!
I wonder if it’s not possible to finagle this? I checked on myself this morning (I could not give the slightest of stuffs about whether my friends, neighbours or Uncle Tom Cobley has had a jab, so wouldn’t dream of using anyone else’s details) and, yes, it confirmed that I needed to book two jabs. So if I booked them, would my details then come up differently? I shall go and have a go and report back when I can be bothered ….
Ok, so I #booked# both my jabs. Now when I go into the system, it asks me to enter either of my booking references. Unfortunately, I #completely forgot# to make a note of them, or of the date of either of the appointments. But, it appears that anyone interrogating the system will assume I have appointments set up.
Now a decent system would automatically cancel them when you don’t show up.
This shitshow on the other hand…
So the burglars et al know when to break in etc. Hmmm.
Interesting timing – same day as the local elections in which the Bo(dge) Jo(b) party appear to have relinquished Labour of a large number of Council seats?
It’s been floating around here st LS for a couple of days.
You can also get somebody’s mother’s maiden name from the birth certificate database. And you can order that certificate for anybody you fancy.
This notion that there is individual privacy in the U.K. is an American import. We’ve always been far more open about that sort of data here.
It’s a little bit of a storm in a tea cup. Why is it such a big deal if I know how many vaccinations you had? I’ve had one – and everybody here now knows that without interrogating any database. That’s because I’m not paranoid and I know from working in the business that “privacy” is largely an illusion.
You become relaxed about it once you realise that frankly you’re not that important in the grand scheme of things.
You can’t nick somebody’s bank account with their vaccination record. However you probably can with their date of birth, postcode and mother’s maiden name…
why is is my medical history any of your business?
Another example of mission creep. The purpose of a birth certificate was to record the existence of another citizen. Not for breeding records, not for tracking and monitoring, not for surveillance. No way should any of this stuff be on the internet.
I never trust anybody who tells me that because freedoms have been trampled on before, it’s ok to do the same now.
I never trust anybody who tells me that because one thing is wrong, it doesn’t matter if we have another wrong thing.
I never trust anybody who tells me I’m being paranoid, when spouting the same stuff that tyrants and oppressors have tried to deceive people with since the dawn of time.
In the same way that I don’t want to know ANY of your medical history, I don’t want you to know any of mine. The fact you want to shout about yours is irrelevant to me.
Back in the Brigade box with you!!
It does seem rather sloppy.
Fon! How are you?
The Information Commissioner will be furious about this, this is special category data which has the highest possible protection in law, there will be an immediate investigation and heads will, er, nod and say ‘lessons will be learnt’.
He should be but I don’t think he will care about it
Oh I so trust our government and our NHS heros so, so much ….! Can’t wait to hand them responsibility for all aspects of my life!!!
Does anyone know Captain Tom’s date of birth and postcode?
https://web.archive.org/web/20210115104151/https://www.dailymail.co.uk/news/article-9149803/JANET-STREET-PORTER-Im-not-afford-fly-Dubai-jab.html
fat load of good it did the men.
DOB should be easy enough as didn’t he celebrate his 100th birthday? Postcode less so as wasn’t he in a care home? Somehow his family were allowed to take him out and on an extended jolly to Barbados instead, fair play though, I would if I could.
Yes they gave Captian Tom the shot, Janet Street Porter reported on it, then he died, then they denied he had the jab and went to great lengths to make sure this lie became common knowledge. Bunch of criminals
NHS + IT = predictable disaster.
Pedantic Literally which train to the same destination.
I recently wrote here of my partner receiving a text message for my vaccine appt. (I ‘d asked for it to be delayed when first letter arrived and asked to be sent a letter for a further appt. as all the controversy about AZ meant I should at least delay it.)
Like any good sceptic I too suspect this is deliberate.
Probably for employers.
This is f***ing outrageous of course but don’t expect a public outcry: the majority don’t see anything wrong with this.
After all its a pandemic!!
It’s beyond their comprehension that this opens doors to further abuses. They’re clowns and I’m not exaggerating when I say I’m beginning to strongly dislike a lot of people who are strongly pro-lockdown and strongly pro-vaccination.
Oh and don’t expect any understanding from NHS bureaucracy: you’ll be greeted with incredulity: what you DON’T want our jab?
They really do believe they’re doing you a favour.
A lot of them have swallowed the government’s (deliberate) propaganda that they’re heroes and can do no wrong.
No more ‘heroic’ to me than the guys who save me from disease every week by collecting my rubbish.
Yep, they’re brainwashed, it’s hard-wired, and until folk start dropping dead from the injections en masse in the streets in a way which leaves a Covid19 symbol on their foreheads with the words “I died from the Covid vaccine tattood on”, they will always put their faith in their enemy and excuse their crimes, one after the next. Even if that happened and the people start dying in big numbers from this, the government will just blame it on a deadly new strain, and the morons will believe them, they will accept Martial Law because the new visibly deadly strain (actually disease caused by the vaccine) warrants it, and they will queue up for more.
Surely this is the responsibility of The National Data Guardian for Health and Social Care ie the Caldicott Principles?
It used to be Dame Fiona Caldicott until her death in February 2021.
Dr Nicola Byrne was appointed to the role in March 2021 by Hancock. Matt Hancock is a driving force for digital health technology in the NHS to transform healthcare.
Perhaps they are now focusing and reliant too much on the 7th Principle, added in 2013, following a second review of information governance…
“Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality.“
In England, people have a choice and can opt out of the NHS Digital sharing of confidential patient information. However, patient information may be used for coronavirus research purposes even if people have opted out.
https://www.nhs.uk/your-nhs-data-matters/
I would imagine injection status would come under the ‘research purposes’.
The old NHS “presumed consent” again. Why does any nation state require a database of everyone’s medical records, it’s insane, creepy and a massive tax burden. All it does is feed computers, at the expense of actual clinical care. Of course the data is handy to sell on, isn’t it…..
This doesn’t apply to Scotland, yet.
As for anyone registered with a GP in England, I’ve checked this myself using my brothers details and I’m appalled that this information is so easily available.
I’ve checked a few friends on Facebook and these idiots have their date of birth in full view and getting their postcode is easy.
We have either the most incompetent health service and government or we have something much more evil in place. I don’t know which is worse.
It’s pure evil, no doubt about it. Here is a snapshot of some of their previous humanitarian endeavours:
Robert Fisk: The Children of Fallujah – the hospital of horrors
https://www.independent.co.uk/voices/commentators/fisk/robert-fisk-children-fallujah-hospital-horrors-7679168.html
Evil is worse. Stupid people have a bad reputation, because we encounter (or maybe just notice) them much more commonly, but they’re more of an irritation than a genuine threat.
“if you haven’t done anything wrong then you have nothing to fear” unless your political opponent decides to target you because they don’t like your views….You don’t need to have broken any laws to be targeted by law enforcement. They’ll even make up new laws after you’ve been arrested, just so they can find you guilty.
And no, I haven’t made that up.
Depends how you define “wrong”.
Why would anyone think this is not a deliberate strategy by the Government. They have spent almost a year creating division in society encouraging us to dob each other in for even the most minor infrigement. Now they are busy sewing fear regarding the need to have multiple injections, and the advent of a 2 tier society through covid passports. Why then would you not encourage people to look up their neighbours and friends vaccine status such that those unvaccinated can be made outcasts, and the subject of hate campaigns and intimidation by those vaccinated. There is nothing the Governments around the world and especially this one won’t do to punish those who will not comply.