The Sun reports on potential security flaw in NPfIT Choose and Book

Whitehall officials would like to control the language and information on the NHS’s National Programme for IT [NPfIT], but the laws of Nature are, at times, pitched against them: The Sun has begun to take an interest in the scheme.

Following on from its article on the implementation of the Care Records Service at Barts and the London NHS Trust, The Sun has reported on a potential security breach with the “Choose and Book” system – part of the NPfIT – at a GP practice in Essex; and it has an editorial under the headline “Data Dunces”.

The editorial says:

“There’s nothing more private than your medical records. Yet it seems anyone can access the NHS computer database. The Government promised it couldn’t happen. Yet a GP finds he can log in without security checks. Labour insist that the ID Cards database will be totally secure. But how can we believe them?”

The Sun’s article said:

“The £12bn NHS computer system lay in tatters last night — as it emerged crooks may have accessed patient records. A security card flaw has left the system open to abuse for two years. Sensitive medical details, addresses and National Insurance numbers of every patient in the country could have been seen by anyone in a GP surgery or hospital without using the special swipe card.

“And the information could have been sold to ID theft gangs. Department of Health chiefs have been alerted to the flaw in the controversial Choose and Book system… a GP in Hornchurch, Essex, found he could log on to the system without inserting his “smart card” into the reader device. He immediately reported the error to the head office in Leeds.”

A source told The Sun: “Managers are really panicking about this because the implications are huge.” The Department of Health was quoted as saying that the “hardware fault” was fixed and had caused “no breach of patient confidentiality.”

This morning, 12 May 2008, NHS Connecting for Health, which runs much of the National Programme for IT, said:

“We are aware of a local hardware fault experienced in a GP practice. It caused no breach of patient confidentiality and is being thoroughly investigated to ensure that this cannot happen again.”

Officials argue that a failure occurred at a GP practice in Essex because a local hardware fault was combined with recommended security procedures not being followed. They confirm that a contact in the smartcard reader failed. So if the GP did not log out of the computer, the Choose and Book system could continue to be used without the need for the smartcard and passcode.

Officials point out that the GP should have logged out of the computer. But can they rely on busy GPs always logging off? I’ve put this to officials and am waiting for a response:

Security awareness not being perfect in all parts of the NHS, it is apparently not uncommon practice to log in with a smartcard and passcode and then leave others to use the PC. If this had happened on this occasion – the smartcard holder had logged in, entered the passcode, then left the PC – it appears anyone could have used it.
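The two weaknesses described above – a reader contact that fails silently, and a clinician who walks away without logging off – both defeat a workstation whose only session-ending trigger is a “card removed” event. The following is an added example, not code from Choose and Book, NHS Connecting for Health or the article; it is a small, simulated session guard that shows why a defender wants two independent checks: the reader must keep positively confirming that the card is present (so a dead reader that stops answering ends the session rather than silently keeping it alive), and an idle timeout ends a session left open with the card still in. Class names, timings and the simulated reader states are assumptions made for the illustration.

```python
"""
Added example (not from the article, Choose and Book or NHS CfH).
Models a smartcard-authenticated workstation session.  NaiveGuard ends a
session only on an explicit "card removed" event, which a reader with a
failed contact never sends.  SessionGuard adds two defence-in-depth checks:
a presence heartbeat and an idle timeout.  All names and timings are assumed.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class ReaderState(Enum):
    PRESENT = "present"   # reader confirms the card is in the slot
    ABSENT = "absent"     # reader confirms the card has been removed
    UNKNOWN = "unknown"   # reader gave no answer: what a failed contact looks like


@dataclass
class Session:
    user: str
    started_at: float
    last_activity: float
    last_confirmed_present: float
    active: bool = True
    end_reason: Optional[str] = None


class NaiveGuard:
    """Ends a session only when the reader reports the card as removed."""

    def __init__(self) -> None:
        self.session: Optional[Session] = None

    def login(self, user: str, card_state: ReaderState, now: float) -> Optional[Session]:
        if card_state is not ReaderState.PRESENT:
            return None                      # no card, no session
        self.session = Session(user, now, now, now)
        return self.session

    def on_activity(self, now: float) -> None:
        if self.session and self.session.active:
            self.session.last_activity = now

    def _end(self, reason: str) -> None:
        assert self.session is not None
        self.session.active = False
        self.session.end_reason = reason

    def tick(self, card_state: ReaderState, now: float) -> Optional[Session]:
        s = self.session
        if s is None or not s.active:
            return s
        if card_state is ReaderState.ABSENT:
            self._end("card removed")
        return s


class SessionGuard(NaiveGuard):
    """Also requires a positive presence heartbeat and enforces an idle timeout."""

    def __init__(self, presence_grace: float = 30.0, idle_timeout: float = 300.0) -> None:
        super().__init__()
        self.presence_grace = presence_grace   # seconds without a PRESENT answer we tolerate
        self.idle_timeout = idle_timeout       # seconds without user activity we tolerate

    def tick(self, card_state: ReaderState, now: float) -> Optional[Session]:
        s = self.session
        if s is None or not s.active:
            return s
        if card_state is ReaderState.ABSENT:
            self._end("card removed")
            return s
        if card_state is ReaderState.PRESENT:
            s.last_confirmed_present = now
        # UNKNOWN answers do not refresh the heartbeat, so a dead reader runs out the grace period
        if now - s.last_confirmed_present > self.presence_grace:
            self._end("card presence not confirmed")
        elif now - s.last_activity > self.idle_timeout:
            self._end("idle timeout")
        return s


def simulate_failed_reader(guard: NaiveGuard) -> tuple:
    """Constructed scenario: reader contact fails at t=60s and the user does not log out."""
    guard.login("dr_example", ReaderState.PRESENT, 0.0)
    for t in range(1, 61):                   # one minute of normal work, healthy reader
        guard.tick(ReaderState.PRESENT, t)
        guard.on_activity(t)
    for t in range(61, 601):                 # reader stops answering; nobody logs off
        guard.tick(ReaderState.UNKNOWN, t)
    return guard.session.active, guard.session.end_reason


def simulate_card_left_in(guard: NaiveGuard) -> tuple:
    """Constructed scenario: healthy reader, but the user walks away leaving the card in."""
    guard.login("dr_example", ReaderState.PRESENT, 0.0)
    for t in range(1, 61):
        guard.tick(ReaderState.PRESENT, t)
        guard.on_activity(t)
    for t in range(61, 601):                 # card stays in, no further activity
        guard.tick(ReaderState.PRESENT, t)
    return guard.session.active, guard.session.end_reason


if __name__ == "__main__":
    print("naive, failed reader  :", simulate_failed_reader(NaiveGuard()))
    print("guarded, failed reader:", simulate_failed_reader(SessionGuard()))
    print("naive, card left in   :", simulate_card_left_in(NaiveGuard()))
    print("guarded, card left in :", simulate_card_left_in(SessionGuard()))
```

In the first scenario the naive guard never ends the session because the faulty reader never sends an “absent” event, which is the situation the officials describe; the guarded version ends it once 30 seconds pass without a positive “present” answer. In the second scenario the idle timeout covers the case where the card is left in and the clinician walks away. Neither check depends on the user remembering to log out.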


Potential security breach at GP practice in Essex – article in The Sun

Barts NPfIT go-live ends up in The Sun

All eyes on NPfIT go-live

Is the summary care record plan feasible? UCL report

Security warning as NHS staff view celebrity record

Smartcard sharing

Is NHS CfH in a good position to oversee the NPfIT?

Smartcard sharing – Stuart King’s blog

Are Security Requirements and Care Delivery Naturally at Odds with One Another?

South Warwickshire clinicians sharing smartcards