NHS Digital is altering its Covid vaccination booking website after it was revealed that the system leaked people’s vaccination status.
Anyone with basic personal details of a colleague, family member, or friend could easily gain access to their vaccination status from the website.
The failure to safeguard people’s confidential medical information means that, in theory, bosses could check whether employees are vaccinated, raising alarming privacy concerns for workers.
Director of Big Brother Watch, Silkie Carlo, said:
“This is a seriously shocking failure to protect patients’ medical confidentiality at a time when it could not be more important. This online system has left the population’s Covid vaccine statuses exposed to absolutely anyone to pry into. Date of birth and postcode are fields of data that can be easily found or bought, even on the electoral roll.
This is personal health information that could easily be exploited by companies, insurers, employers or scammers. Robust protections must be put in place immediately and an urgent investigation should be opened to establish how such basic privacy protections could be missing from one of the most sensitive health databases in the country.”