The Department of Health (DoH) has apologised for its latest IT blunder - publishing private details of applicants for junior doctor posts on an unsecured website. The Medical Training Applications Service (MTAS) is the computerised HR system for students and junior doctors. But applicants for the foundation course - the first …
It gets worse
Checkout http:/nhsblogdoc.blogspot.com and the articles "MTAS site closed for "essential maintenance"" and "MTAS - would someone tell me this is not true" from today.
Apparently any applicant could see email to other correspondents by changing the number at the end of the redirect url to the MTAS site. Also anyone could sign up for the MTAS site without proof of who they were, so this information could be seen by anyone.
Simple solution needed
Can we please simply ban the use of, proposal for and development budget for any and all computer systems from all British government (at any level) departments or quangos?
Or would that cut El Reg's headlines by more than is acceptable?
It was very amusing to hear a spokeswoman (no doubt being prodded from behind t approach the mic) on the Today programme having to pretend that the forthcoming patient database would be properly secure!
IIRC, a recent estimate (not the DoH's obviously) of the cost of said database, to serve 30m people, was £30bn. I'd happily look after my own records for £1000, and security would not be a problem...
For F***s Sake.
If that's the best they can do, then they simply shouldn't be in the business. I don't mean the webauthor... who shouldn't even be in the business of breathing, I mean the twits who hired him without thinking "..." actually without thinking full stop.
THIS is why ID cards are doomed, while it's easily possible to concoct cunning RSA based forgery proof cards, I'd count us lucky if they were even protected by ROT13.
Is that it?
This issue has received a huge amount of coverage in the mainstream press and on TV, and this article on what is supposed to be a tech news website is shorter than than on poodles turning out to be sheep which has no IT angle whatsoever.
Please can theregister return to just reporting tech news, and leave the trivial to other sites.
Who Did This?
Why do these IT disaster stories never mention the developer of the atrocious software in question? How about a bit of Naming And Shaming??
Any IT disaster-related story on an IT news site should include the follwing:
- Was the software developed in-house out-sourced?
- Who were the main developers?
- What other projects (government or otherwise) have they worked on?
- Links to developer's web site
Would anyone else out there like to see this information?