Doctor website scandal: how did it happen?

From Mmc

A major technology flaw put hundreds of junior doctors' personal details on the internet, but how?

For months the Health Department has been struggling to contain the crisis caused by glitches on its website for recruiting junior doctors. Now in a major embarrassment for ministers, Channel 4 News has discovered that the intimate personal details of medical students have been made available online.

The details include addresses, home phone numbers, and even sexuality. So, how could this happen? Here's our Technology Correspondent Benjamin Cohen What's actually happened?

It appears that the information was downloaded onto Excel files and placed on an unsecured website that could be accessed by anyone through the internet.

This is astounding. These kind of personal details could have been kept on a private internal system and it only requires a small file to protect the information using a password. The Department of Health is yet to explain why. How long was it available?

The Department of Helath told me that the MTAS team - who administer the system - didn't know how long the data had been available. They admitted it was at least since 9am this morning, but it could have been much longer.

They also don't know how many people have accessed the files - although it's a very simple task to find out. If they really can't view this information then it implies they don't know how to operate their own system properly. What are the implications?

Well, I have been able to look at and download information including the addresses, home phone numbers, religion and even sexuality of thousands of medical students. There is a real risk here that these details could be used for identity fraud.

The NHS could also be required to pay so that all those listed are able to regularly check their credit reference file. Hardly the best use of valuable resources.