tag:blogger.com,1999:blog-22202011.post575884250346710970..comments2023-12-11T08:49:46.305+00:00Comments on Dizzy Thinks: NHS doctors application website exposes completed application formsUnknownnoreply@blogger.comBlogger12125tag:blogger.com,1999:blog-22202011.post-71385014609762252272007-04-26T09:47:00.000+01:002007-04-26T09:47:00.000+01:00Fair enough. This is a proper monsterly uncivilise...Fair enough. This is a proper monsterly uncivilised blog. Comment withdrawn!<BR/><BR/>Another thing though. This breach was known about from 9am and the Information Commissioner was told first. Channel 4 do not reveal when they were told. But I think it's safe to say this was soon after the enquirer at the IC was rebuffed with "not much we can do".<BR/><BR/>Then Channel 4 say:<BR/><BR/><I>At 4.35pm we told the Department of Health. The chair of the British Medical Association's Junior Doctors Committee also called the department - at 5.05 they closed the breach - it took them just half an hour.</I><BR/><BR/>So this is let's say seven hours - perhaps 90% of the time that this thing was open - that C4 did not get it fixed. Did they believe this was very low risk or they were prepared to let this run for a few hours to beef up their story?<BR/><BR/>At least they got it fixed before running the story.<BR/><BR/>Should Channel 4 pay for the ongoing costs of any breaches in the c seven hours when they had the story but didn't close the breach?<BR/><BR/>Favourite bugbears: <BR/><BR/>1. - media and "experts" not giving any real indication of risk or proportion. Especially round medicine and science. <BR/><BR/>2. - media or injured parties rushing to publish and making things worse in a cavalier way.Chris Paulhttps://www.blogger.com/profile/15679067503215414300noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-55612030406676848782007-04-26T09:39:00.000+01:002007-04-26T09:39:00.000+01:00Tit is term of endearment, and who said this was c...Tit is term of endearment, and who said this was civilised blog?dizzyhttps://www.blogger.com/profile/04250325010662356883noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-14797279868614167772007-04-26T09:33:00.000+01:002007-04-26T09:33:00.000+01:00Sorry DizzyI'm not saying it's insignificant. When...Sorry Dizzy<BR/><BR/>I'm not saying it's insignificant. When I said "Seems pretty crap" I didn't mean the story. I meant the ICT skills in the NHS Training set up. <BR/><BR/>But what is the quantum of damage? How long was this stuff online and how many people accessed it that should not have. This information should be obtainable from the server(s) should it not?<BR/><BR/>As a sometime Equal Opps professional (many years ago) it is significant to me that information such as sexuality and religion (relevant for deciding who gets training contracts? I don't think so) and probably race and ethnicity and age and all sorts of other EO no nos are in the same part of the DB as the names and quals.<BR/><BR/>It seems to me a fair question to ask:<BR/>"How bad is this?"<BR/><BR/>Which is not the same as saying it's nothing.<BR/><BR/>Perhaps I should have been clearer. But this is only a blog comment. I am liking the use of "tit" on this civilised blog btw, rather than the impolitenesses of others on the blogright.<BR/><BR/>Incidentally when I was a student (for an awfully long time) I had a lot of mates who were medics and the "system" for allocating training jobs has always been shitty and haphazard.<BR/><BR/>Sometimes trying to drag something intrinsically bad into a better place is going to take a few tries. It's not like direct govt projects are the only ones to get ICT wrong or expose data is it? <BR/><BR/>The recent Building Society instance was - it seems from reports - far, far worse in quantum and mistakes than this one.<BR/><BR/>Best w<BR/><BR/>Chris "Tit" PaulChris Paulhttps://www.blogger.com/profile/15679067503215414300noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-78600318373885295202007-04-26T06:02:00.000+01:002007-04-26T06:02:00.000+01:00I can't believe you just said that Chris, don't be...I can't believe you just said that Chris, don't be such a tit, this a major information security breach of catastrophic incompetence. It's not about what informatiion is in the public domain already, there is the id theft consideration to be had, plus the data protection breaches. Trying to play this down as insignificant is complete crap.dizzyhttps://www.blogger.com/profile/04250325010662356883noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-53113668255335181262007-04-26T00:02:00.000+01:002007-04-26T00:02:00.000+01:00Seems pretty crap. But then again most of this inf...Seems pretty crap. But then again most of this information (not sexuality and CR) is already in the public domain in a little directory of names, numbers, addresses, quals etc of ALL doctors in the UK. Readily available.<BR/><BR/>How many people had downloaded the DB? (a) before the publicity? (b) after? I suspect the numbers are (a) next to none and (b) hopefully none because the media aren't twats and got the site taken down ahead of running it.Chris Paulhttps://www.blogger.com/profile/15679067503215414300noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-65277177738642657042007-04-25T22:36:00.000+01:002007-04-25T22:36:00.000+01:00perhaps those good chaps at the NHS should have re...perhaps those good chaps at the NHS should have read this.<BR/><BR/>http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_074142<BR/><BR/>published today.This is a guide to the methods and required standards of practice in the management of information security for those who work within or under contract to, or in business partnership with, NHS organisations in England. It is based on current legal requirements, relevant standards and professional best practice.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-92127520606952781282007-04-25T22:27:00.000+01:002007-04-25T22:27:00.000+01:00WICKED !!! This is fantastic - do you have more de...WICKED !!! This is fantastic - do you have more details ???????<BR/><BR/>I am so glad I applied to have my details kept off the Single Care Register !!! <BR/><BR/>This needs / wants / would benefit from a far wider audience....Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-52857963905932117412007-04-25T22:04:00.000+01:002007-04-25T22:04:00.000+01:00Anonymouse 8.44Here here.Anonymouse 8.44<BR/><BR/>Here here.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-55417189780796232022007-04-25T21:44:00.000+01:002007-04-25T21:44:00.000+01:00I wonder who developed such a system. Not another ...I wonder who developed such a system. Not another outsourced project by any chance? Maybe if mature and experience British professionals were engaged to do the work we would have less of these IT problems. However, cheap, young inexperienced overseas former street beggars are hired to do the work instead.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-85925576363582013452007-04-25T20:57:00.000+01:002007-04-25T20:57:00.000+01:00Britain needs DizzyBritain needs Dizzylilithhttps://www.blogger.com/profile/05011676751221508167noreply@blogger.comtag:blogger.com,1999:blog-22202011.post-33612797019071655462007-04-25T20:17:00.000+01:002007-04-25T20:17:00.000+01:00Mmmmmmm ... and what about identity theft for year...Mmmmmmm ... and what about identity theft for years to come ?<BR/><BR/>This is a cock up of huge proportions but will any member of the Government be made to pay??<BR/><BR/>I cannot remember a Government fall apart so rapidly before..Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-22202011.post-60114492343189610262007-04-25T19:22:00.000+01:002007-04-25T19:22:00.000+01:00Despite all the recent revelations of the incompet...Despite all the recent revelations of the incompetence of the smug Patsy this tops them all. The report took my breath away and will surely become big news.I feel so sorry for all the medics. I hope Dizzy will be able to fill us in on more of the detailAnonymousnoreply@blogger.com