02-27-2021 , 11:04 PM
The private information of thousands of people who have received the Covid-19 vaccine have been exposed following a HSE blunder.
The IT system used by the HSE was compromised due to ‘human error’, meaning that confidential data was accessible despite earlier warnings by data chiefs.
Crucial details that can often be used to certify access to financial, health and highly personal files online were left exposed, including PPS numbers, addresses, names and contact details.
A whistleblower who was granted access to this database contacted the Irish Daily Mail with worries over the data security.
There is no reason that they should have been granted this access.
Speaking on RTE Radio One, Data Protection Commissioner Helen Dixon said: “We’re certainly making enquiries with the HSE in relation to that story.
“We hadn’t had a breach notification from the HSE in relation to it, we have seen the details on the front page and they certainly look to be of concern.
“We’re eager to obtain information from the HSE as to what their assessment of the story that’s broken is.
“The HSE conducted a data protection impact assessment, as they should have done, under the creation of this database and they consulted with us on it on the risks.
“We gave them feedback in relation to risks that we thought they should assess and attempt to mitigate so in terms of giving them a warning, we certainly highlighted the risk areas as we saw them and were been reassured that they had mitigated them.
“We really need to hear from the HSE in relation to this.”
Source
The IT system used by the HSE was compromised due to ‘human error’, meaning that confidential data was accessible despite earlier warnings by data chiefs.
Crucial details that can often be used to certify access to financial, health and highly personal files online were left exposed, including PPS numbers, addresses, names and contact details.
A whistleblower who was granted access to this database contacted the Irish Daily Mail with worries over the data security.
There is no reason that they should have been granted this access.
Speaking on RTE Radio One, Data Protection Commissioner Helen Dixon said: “We’re certainly making enquiries with the HSE in relation to that story.
“We hadn’t had a breach notification from the HSE in relation to it, we have seen the details on the front page and they certainly look to be of concern.
“We’re eager to obtain information from the HSE as to what their assessment of the story that’s broken is.
“The HSE conducted a data protection impact assessment, as they should have done, under the creation of this database and they consulted with us on it on the risks.
“We gave them feedback in relation to risks that we thought they should assess and attempt to mitigate so in terms of giving them a warning, we certainly highlighted the risk areas as we saw them and were been reassured that they had mitigated them.
“We really need to hear from the HSE in relation to this.”
Source