Wed, 13 Mar, 2024 - 11:24

HSE computer glitch put Covid vaccine data of up to 1m people at risk

There has been no indication yet that the information was accessed by any users with malicious intent.
HSE computer glitch put Covid vaccine data of up to 1m people at risk

Michael Bolton

A computer glitch meant the HSE’s Covid vaccination portal left the data of up to one million people vulnerable.

This included the full names, vaccination status and type of vaccination people received.

The issue was discovered in December 2021 by Aaron Costello, security researcher and principal software-as-a-service security engineer at cybersecurity company AppOmni.

There has been no indication yet that the information was accessed by any users with malicious intent.

The HSE confirmed the problem had arisen, pointing to the “time pressure” the Covid-19 vaccination campaign was under.

The breach came just months after over 100,000 patients had their personal data hacked in a major breach of the health service’s computer systems.

It said the problem had been remedied the day it was alerted to it.

“If someone accessed data, we would be able to see this in the detailed logs which we analysed,” the HSE said in a statement.

Speaking on the root cause of the leak, Mr Costello said: "The vaccination portal, built on top of Salesforce, allowed any individual to sign up to the portal through a self-registration form. In Salesforce nomenclature, this particular type of portal is known as a Lightning Community or Digital Community.

"Unfortunately, the individuals who had configured the profile’s permissions had accidentally granted the profile an unprecedented level of access to the Health Cloud object that is responsible for storing information specifically about vaccination administration.

"Thankfully, the ability to see everyone’s vaccination administration details was not immediately obvious to regular users who were using the portal as intended."

More in this section

Man sentenced for 'ferocious assault' outside Conor McGregor's pub Man sentenced for 'ferocious assault' outside Conor McGregor's pub
Taoiseach condemns ‘reckless strike’ on peacekeeping base in Lebanon Taoiseach condemns ‘reckless strike’ on peacekeeping base in Lebanon
Alleged squatter granted anonymity and disputes 'no right' to be in property Alleged squatter granted anonymity and disputes 'no right' to be in property
Covid-19HSECovid vaccineCybersecuritySalesforcedata leak
Ireland coat of arms

Motor inspection firm seeks to restrain salvage business from preventing access to vehicles

READ NOW

Sponsored Content

The power of the G licence The power of the G licence
Happy couple receiving new house keys from real estate agent Time to get to grips with changes in rental laws
Boatbuilder turned engineer proves alternative paths can lead to success Boatbuilder turned engineer proves alternative paths can lead to success

Latest

EL car logoThe Echo logo
The Echo paper

DELIVERED TO YOUR HOME FOR FREE

FREE HOME DELIVERY SERVICE

The Echo paper
SIGN UP TODAY
Contact Us Cookie Policy Privacy Policy Terms and Conditions

© Examiner Echo Group Limited

Add Echolive.ie to your home screen - easy access to Cork news, views, sport and more