UK markets close in 7 hours 4 minutes
  • FTSE 100

    7,094.46
    +4.45 (+0.06%)
     
  • FTSE 250

    22,650.11
    -29.53 (-0.13%)
     
  • AIM

    1,223.69
    +1.54 (+0.13%)
     
  • GBP/EUR

    1.1704
    +0.0028 (+0.24%)
     
  • GBP/USD

    1.3978
    +0.0031 (+0.22%)
     
  • BTC-GBP

    24,496.46
    +1,363.52 (+5.89%)
     
  • CMC Crypto 200

    820.47
    +26.14 (+3.29%)
     
  • S&P 500

    4,246.44
    +21.65 (+0.51%)
     
  • DOW

    33,945.58
    +68.61 (+0.20%)
     
  • CRUDE OIL

    73.42
    +0.57 (+0.78%)
     
  • GOLD FUTURES

    1,782.80
    +5.40 (+0.30%)
     
  • NIKKEI 225

    28,874.89
    -9.24 (-0.03%)
     
  • HANG SENG

    28,817.07
    +507.31 (+1.79%)
     
  • DAX

    15,561.23
    -75.10 (-0.48%)
     
  • CAC 40

    6,582.44
    -29.06 (-0.44%)
     

Vaccine booking site flaw allows people to work out another user’s status

·2-min read

An apparent flaw has been uncovered on the coronavirus vaccine booking website that allows anyone to work out another person’s status using basic personal information.

The service for England requires an individual’s NHS number or simply their name, date of birth and postcode to arrange an appointment.

Using such simple details, the responses on the subsequent screen can be used to deduce whether a person has been vaccinated.

According to The Guardian, using the information of a person who has not had any jabs goes through to a standard screening page.

HEALTH Coronavirus VaccineDoses
(PA Graphics)

An individual who has had their first vaccination and has already booked a second is asked to provide a booking reference.

Those who have had both jabs are shown a page which reads “you have had both of your appointments”.

It was reported that details can also be abused to make a second vaccine booking for people who have only had their first jab through a GP so far.

Silkie Carlo, director of privacy campaigners Big Brother Watch, said: “This is a seriously shocking failure to protect patients’ medical confidentiality at a time when it could not be more important.

“This online system has left the population’s Covid vaccine statuses exposed to absolutely anyone to pry into.

Coronavirus graphic
(PA Graphics)

“Date of birth and postcode are fields of data that can be easily found or bought, even on the electoral roll.

“This is personal health information that could easily be exploited by companies, insurers, employers or scammers.”

An NHS Digital spokesman said it is reviewing and improving the standard messages that are presented on the website.

“Over 17 million first and second dose appointments have been made in over four months,” a statement said.

“This is making a significant impact on the management and containment of the pandemic and is saving lives.

“The system does not provide access to anyone’s medical record and people should not be fraudulently using the service – it should only be used by people booking their own vaccines or for someone who has knowingly provided their details for this purpose.”

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting