A HACKER with alleged ties to Anonymous claims to have accessed an NHS database with records on more than one million patients.
SwiftQueue operates an appointment booking service for eight NHS Trusts; it also operates patient-operated check-in terminals in waiting rooms.
An NHS contractor contacted the Metropolitan Police's Cyber Crime unit after it discovered that the website had been breached.
Touché, said the alleged attacker, who contacted The Sun newspaper, saying that people have "a right to know how big companies like SwiftQueue handle sensitive data."
According to the hacker, the attack exploited unpatched weaknesses in SwiftQueue's software. This enabled it to download the company's entire database, containing more than 1.2 million records, including passwords.
SwiftQueue disputes the assertion. It acknowledges that a hack took place, but that its database is not as big as claimed. It says that around 32,500 lines of 'administrative data' were accessed, of which some was test data relating to 'dummy' patients. However, what was accessed does include personal details such as names and dates of birth, but does not include medical records; passwords are encrypted.
No more details, such as which Trust(s) was affected, were shared.
Sam Smith, a coordinator at MedConfidential (a group dedicated to protecting patients' medical records and personal information), told The Sun: ,"Patients will be alarmed that a company trusted by the NHS to hold their private data has been compromised in this way.
"Firms should take every step possible to keep private data secure, which does not appear to have happened in this case... The NHS should be doing more to ensure their suppliers meet the highest possible standards of data security."
SwiftQueue is now informing patients who have been affected.
The NHS was recently granted £21m to improve its cybersecurity, in the wake of the WannaCry ransomware attack. µ
But don't worry - it's being Saved For Later
Is equipping stalls at this weekend's All Points East festival with terminals
Probably hasn't got permission to email everyone and warn them
Facebook is still collaborating where it can