Hackers exploit vulnerability on UK NHS Covid vaccine website

511

The Corona Virus vaccine related website hosted by NHS is hitting the google news headlines for all wrong reasons. Reports are in that the website is allowing anyone to access vaccine related status and information of anyone and is also allowing them to alter the details.

The NHS Covid Vaccine website allows UK populace to enter their NHS number or their name or DOB along with their postcode to book a vaccine appointment. And this simple process is being exploited by the hackers to alter the status of a vaccinated person.

Employers can find out which of their staff members have been vaccinated and who are using a fake vaccine certificate to get benefits- just by using some digital tricks on the Jab Screen page.

Note 1- Nearly 15 million people have been fully vaccinated in UK and over 35 million have received their first dose. And so far over 51,225,000 vaccinations have been induced into the populace across the country.

Note 2- Silkie Carlo, the Director of Privacy Campaigners Big Brother Watch has stated that the website vulnerability that is being exploited by hackers is a serious failure of NHS in protecting medical details of its patients and that’s absolutely true…..isn’t it?

Note 3- Healthcare related data is on high currency demand on the dark web and if hackers sniff flaws like these, then it can prove as an earning stream for ad companies, insurers and scamsters along with some employers.

Note 4- NHS Coronavirus Vaccine website doesn’t have access to anyone’s medical record and so the concerns should be minimal. Wonder what will the Ombudsman that looks into GDPR implementation has to say on this….?

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security