Heath board has contacted 50 people affected by software privacy breach | Stuff.co.nz
Heath board has contacted 50 people affected by software privacy breach
Sam Sherwood
13:58, Mar 28 2021
Fullscreen
STUFF
Director General of Health Dr Ashley Bloomfield says despite over a thousand people trained to give Covid-19 shots, less than half of those are required at the moment.
About 50 people affected by a software error that allowed patients’ private information to be seen in the Covid-19 vaccination appointment booking system have been contacted by the Canterbury District Health Board (CDHB).
The error meant the details of 714 individuals who had registered were potentially able to be viewed.
The details included name, gender and age, but no personal health information.
In a statement on Saturday, the Ministry of Health (MoH) said the system was taken down on Friday night and an investigation was under way which would provide more detailed information.
READ MORE:
* Covid-19: One new case of coronavirus in managed isolation, one historical case
* Covid-19: Spotlight on air conditioning in managed isolation hotels
* Quarantined person had 'potential' to enter Christchurch Hospital without staff knowing
On Sunday, a MoH spokesman said the CDHB spoke to 50 people on Saturday night, apologising and informing them of the actions being taken.
ADVERTISEMENT
Advertise with Stuff
Dr Ashley Bloomfield says the mistake was “very unfortunate” and immediate steps were taken to address the issue. (File photo)
GETTY IMAGES
Dr Ashley Bloomfield says the mistake was “very unfortunate” and immediate steps were taken to address the issue. (File photo)
“The key concern of many of those contacted was that their booked vaccinations would go ahead as planned – which they will. This process of contacting individuals continues [Sunday]. Where individuals are unable to be contacted by phone, the DHB will be making contact through email.
“A relatively small number of people were understandably upset. Again, the DHB has apologised and has also explained that the appointment system remains offline until the issue is rectified and the system thoroughly tested.”
The external booking issue appeared to be limited to CDHB and household members of frontline border workers at the district health board who had been invited to make appointments to be vaccinated.
“A handful of other DHBs had been considering a similar interim public booking system. They will now wait for the issues identified with the system to be rectified and checked before deciding whether to proceed.”
Hutt Valley and Capital & Coast DHBs were using a different version of the booking system used in Canterbury, but access was password protected and only available to staff on their internal network.
At this stage, there was no evidence of any malicious breach, access to this information or sharing of it further, the spokesman said.
stuff-logoauckland push alret updates icon
Don't miss important Christchurch news
Get mobile alerts
CDHB has confirmed the coding error meant that details of 714 individuals (two fewer than initially reported on Saturday) who had registered were potentially able to be viewed.
A national booking system, using different software to Canterbury’s interim booking system, and using a different IT approach, was being developed by the MoH to support scaling of the vaccine programme.
Dr Ashley Bloomfield, director-general of health, said earlier the mistake was “very unfortunate” and immediate steps were taken to address the issue.
“All health services take the privacy of individuals very seriously,” he said.
“The DHB will be contacting those affected, apologising directly and informing them of the actions now being taken.”
National’s spokesman for Covid-19 response Chris Bishop said via Twitter on Sunday he had been contacted on Friday night “by two individuals who told me they had raised with the Minister of Health and the MoH earlier that evening that there was a potential data privacy breach within the booking system being used for household contacts to book their Covid-19 vaccination”.
“People accessing the system were able to pull the national health numbers of people, their cell phone numbers, emails and dates of birth. I immediately alerted Covid-19 Response Minister Chris Hipkins,” he said.
Sam Sherwood
13:58, Mar 28 2021
Fullscreen
STUFF
Director General of Health Dr Ashley Bloomfield says despite over a thousand people trained to give Covid-19 shots, less than half of those are required at the moment.
About 50 people affected by a software error that allowed patients’ private information to be seen in the Covid-19 vaccination appointment booking system have been contacted by the Canterbury District Health Board (CDHB).
The error meant the details of 714 individuals who had registered were potentially able to be viewed.
The details included name, gender and age, but no personal health information.
In a statement on Saturday, the Ministry of Health (MoH) said the system was taken down on Friday night and an investigation was under way which would provide more detailed information.
READ MORE:
* Covid-19: One new case of coronavirus in managed isolation, one historical case
* Covid-19: Spotlight on air conditioning in managed isolation hotels
* Quarantined person had 'potential' to enter Christchurch Hospital without staff knowing
On Sunday, a MoH spokesman said the CDHB spoke to 50 people on Saturday night, apologising and informing them of the actions being taken.
ADVERTISEMENT
Advertise with Stuff
Dr Ashley Bloomfield says the mistake was “very unfortunate” and immediate steps were taken to address the issue. (File photo)
GETTY IMAGES
Dr Ashley Bloomfield says the mistake was “very unfortunate” and immediate steps were taken to address the issue. (File photo)
“The key concern of many of those contacted was that their booked vaccinations would go ahead as planned – which they will. This process of contacting individuals continues [Sunday]. Where individuals are unable to be contacted by phone, the DHB will be making contact through email.
“A relatively small number of people were understandably upset. Again, the DHB has apologised and has also explained that the appointment system remains offline until the issue is rectified and the system thoroughly tested.”
The external booking issue appeared to be limited to CDHB and household members of frontline border workers at the district health board who had been invited to make appointments to be vaccinated.
“A handful of other DHBs had been considering a similar interim public booking system. They will now wait for the issues identified with the system to be rectified and checked before deciding whether to proceed.”
Hutt Valley and Capital & Coast DHBs were using a different version of the booking system used in Canterbury, but access was password protected and only available to staff on their internal network.
At this stage, there was no evidence of any malicious breach, access to this information or sharing of it further, the spokesman said.
stuff-logoauckland push alret updates icon
Don't miss important Christchurch news
Get mobile alerts
CDHB has confirmed the coding error meant that details of 714 individuals (two fewer than initially reported on Saturday) who had registered were potentially able to be viewed.
A national booking system, using different software to Canterbury’s interim booking system, and using a different IT approach, was being developed by the MoH to support scaling of the vaccine programme.
Dr Ashley Bloomfield, director-general of health, said earlier the mistake was “very unfortunate” and immediate steps were taken to address the issue.
“All health services take the privacy of individuals very seriously,” he said.
“The DHB will be contacting those affected, apologising directly and informing them of the actions now being taken.”
National’s spokesman for Covid-19 response Chris Bishop said via Twitter on Sunday he had been contacted on Friday night “by two individuals who told me they had raised with the Minister of Health and the MoH earlier that evening that there was a potential data privacy breach within the booking system being used for household contacts to book their Covid-19 vaccination”.
“People accessing the system were able to pull the national health numbers of people, their cell phone numbers, emails and dates of birth. I immediately alerted Covid-19 Response Minister Chris Hipkins,” he said.
