The U.K. Department of Health has been forced to apologize after the personal details of hundreds of doctors — including home addresses, phone numbers, sexual orientation and previous convictions — were made available online.
The security breach is the latest disaster to hit a troubled NHS online application system for specialist medical training posts. Doctors’ leaders said there was “no excuse” for the “appalling” breach — particularly after security concerns had been raised with the DoH.
Last month the government had to offer interviews to junior doctors who appeared to have been wrongly disqualified after the Medical Training Application Service (MTAS) spiralled into chaos.
The online application system crashed under the pressure of thousands of junior doctors trying to submit applications simultaneously. British Medical Association representatives called for the scheme to be scrapped and the DoH was forced to call a snap review of the scheme.
Now it has emerged that doctors’ personal details were available online for several hours from 9 am Wednesday. The security breach was reported by Channel 4 News, which said: “It appears that the information was downloaded onto Excel files and placed on an unsecured website that could be accessed by anyone through the Internet.”
Wednesday the DoH told Channel 4 that the team administering MTAS did not know how long the data had been available nor how many people had accessed the files.
The problem has now been fixed, the DoH has confirmed. A spokesperson said: “We apologize to any applicants whose details have been improperly accessed. This is a very serious matter and is under investigation.
“This URL was made available to a strictly limited number of people making checks as part of the employment process. This information was never publicly available through the MTAS website and was only accessible for only a short period of time after details of the URL were leaked.”
He added: “The MTAS team fixed the problem as soon as it was brought to their attention.”
But doctors’ representatives were furious. Dr Jo Hilborne, chair of the BMA’s junior doctors committee, said: “What little faith anyone had left in this shambolic system has just evaporated. It is a breach of security on an appalling scale. The ease with which anyone could have accessed highly sensitive information about thousands of people is frankly shocking.”
The BMA had raised concerns about the security of the MTAS website “on more than one occasion,” she said. “The Department of Health had months to put it right and failed. There can be no excuse for this.”
Emily Rigby, chair of the BMA’s medical students committee, said: “We raised concerns about online security for medical students’ applications last year after the system was hacked into. We were given explicit assurances it wouldn’t happen again.”