The UK Department of Health (DOH) has been forced to apologise after the personal details of hundreds of doctors — including home addresses, phone numbers, sexual orientation and previous convictions — were made available online.
The security breach is the latest disaster to hit a troubled NHS online application system for specialist medical training posts. Doctors’ leaders say there was “no excuse” for the “appalling” breach — particularly after security concerns had been raised with the DoH.
Last month the government had to offer interviews to junior doctors who appeared to have been wrongly disqualified after the Medical Training Application Service (MTAS) spiralled into chaos.
The online application system crashed under the pressure of thousands of junior doctors trying to submit applications simultaneously. British Medical Association (BMA) representatives called for the scheme to be scrapped and the DoH was forced to call a snap review.
Now it has emerged that doctors’ personal details were available online for several hours on the 25th of April. The security breach was reported by Channel 4 News, which said: “It appears that the information was downloaded onto Excel files and placed on an unsecured website that could be accessed by anyone through the internet.”
The DoH told Channel 4 the team administering MTAS did not know how long the data had been available nor how many people had accessed the files.
The problem has now been fixed, the DoH confirms.
“We apologise to any applicants whose details have been improperly accessed. This is a very serious matter and is under investigation,” a spokesman says.
“This URL was made available to a strictly limited number of people making checks as part of the employment process. This information was never publicly available through the MTAS website and was only accessible for only a short period of time after details of the URL were leaked.
He adds the issue was fixed as soon as it was brought to the department’s attention.
But doctors’ representatives are furious.
“What little faith anyone had left in this shambolic system has just evaporated. It is a breach of security on an appalling scale. The ease with which anyone could have accessed highly sensitive information about thousands of people is frankly shocking,” says Dr Jo Hilborne, chair of the BMA’s junior doctors committee.
The BMA had raised concerns about the security of the MTAS website “on more than one occasion,” she says. “The Department of Health had months to put it right and failed. There can be no excuse for this.”
Emily Rigby, chair of the BMA’s medical students committee, says concerns about online security for medical students’ applications were raised last year after the system was hacked.
“We were given explicit assurances it wouldn’t happen again,” she says.