The NHS is investigating allegations that patient data was vulnerable to hacking due to a software flaw at Medefer, a private medical services company handling NHS referrals. In November, a software engineer discovered a flaw affecting the company's internal patient record system, involving an unsecured API, potentially allowing unauthorised access to patient information, which he claims could have existed for six years.
Medefer disputes this claim and maintains that no patient data was compromised and that the flaw was fixed immediately upon discovery. The company commissioned an external security agency to review its systems, which found no evidence of a data breach. Medefer also reported the issue to the Information Commissioner's Office (ICO) and Care Quality Commission (CQC), with the ICO confirming no further action was required due to the lack of evidence of a breach.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
