NHS website glitch enables people to check Covid vaccination status of others

·1 min read
The site allows users to book vaccine appointments using their NHS number or basic personal information - Andy Rain/EPA-EFE/Shutterstock
The site allows users to book vaccine appointments using their NHS number or basic personal information - Andy Rain/EPA-EFE/Shutterstock

The NHS has vowed to review a glitch on its booking website that allows users to check the vaccine status of others.

The site enables users to book vaccine appointments using their NHS number or basic personal information.

Anyone with access to a person's details – such as their name, date of birth and postcode – can then deduce whether that person has been vaccinated through the website, according to The Guardian.

It means employers who have access to their employees' information could check the vaccination records of their workforce.

The NHS has said it is reviewing this process and improving standard messaging across the site.

Silkie Carlo, the director of privacy campaign group Big Brother Watch, said: "This is a seriously shocking failure to protect patients' medical confidentiality at a time when it could not be more important. This online system has left the population's Covid vaccine statuses exposed to absolutely anyone to pry into.

"Date of birth and postcode are fields of data that can be easily found or bought, even on the electoral roll. This is personal health information that could easily be exploited by companies, insurers, employers or scammers."

An NHS Digital spokesman said: "The system does not provide access to anyone's medical record and people should not be fraudulently using the service – it should only be used by people booking their own vaccines or for someone who has knowingly provided their details for this purpose."

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting