NHS Digital booking website had unexpected side effect: It leaked people’s jab status

An NHS Digital-run vaccine-booking website exposed just how many vaccines individual people had received – and did so with no authentication, according to the Guardian.

The booking page, aimed at English NHS patients wanting to book first and second coronavirus jabs, would tell anyone at all whether a named person had had zero, one or two vaccination doses, the newspaper reported on Thursday.

All you need, it says, are the date of birth and postcode of the person whose vaccination status you wanted to check up on.

[…]

Vaccination status is set to become a political hot potato as the UK restarts its economy following the 2020 COVID-19 shutdown. Government policy is to enforce vaccine passports, initially as a means of deterring overseas travel but rumours persist that they will be required for domestic activities. To that end, the ruling Conservatives’ insincere promise in December that vaccine passports wouldn’t become reality at all has prompted a 350,000 strong Parliamentary petition against them.

Carelessness around health data in general has been a feature of the current government’s tech-driven approach to tackling COVID-19. Such repeated incidents have a habit of lodging themselves in the public’s consciousness, making it harder to gain consent for genuine health-boosting measures based on handing data over to public sector bodies.

Source: NHS Digital booking website had unexpected side effect: It leaked people’s jab status • The Register

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft