Editor, work technology
Getty picturesNHS, a special medical services company of patient information is “Viewer” claims that are sensitive to hacking according to a software defect.
The defect was found in Medefer, which manages 1500 NHS patient recommendations in November.
The software engineer found in the defect believes that the problem is available for at least six years.
Medefer says there is no evidence that the deficit is long and the patient’s information is not broken.
Fixed a few days after the defect detection.
In late February, the company was instructed to exercise information management systems to implement the review.
An NHS spokesman said: “We are looking at the concerns raised on Medefer and we will move out if necessary.”
Medefer’s system allows patients to order virtual meetings with doctors and access the relevant patient information of these clinics.
However, the program error discovered in November was sensitive to the internal patient record system sensitive to Medefer’s hackers.
The software engineer who did not want to be called shocked from what he opened.
“When I found me, I thought it couldn’t be just ‘no.’
The problem was in the program called APIS (Application Programming Interface), which allows different computer systems to speak with each other.
The engineer says that this API was not properly guaranteed in Medefer and could potentially be obtained by outsiders who can see their patient information.
He said that the company could not necessarily know that the patient information was taken from the MEDERER, but without the full investigation.
“I worked in organizations, albeit something like this, the whole system would be taken immediately,” he said.
To detect the defect, the engineer said that the company said that he said he was an external cyber security specialist to investigate the problem.
Medefer said that the foreign security agency has found no evidence of any information violation and confirms that the information systems are currently safe.
This is the “extremely open” the process of investigating and correction of the API defective, he said.
Medefer said this issue was not an ICO (commissioner commission) and the CQC (Quality Commission), “Transparency Interests” and ICO’s approval.
In October, the engineer who was contracted to test defects in the company’s Software left the company in January.
In a statement, Dr. Bahman Nedjat-Shokouhi, CEO of the founder and CEO, “No patient information has no evidence to violate our system.”
In November, the defect was found and confirmed that an amendment was developing in 48 hours.
“Foreign Security Agency claimed that this defect could provide access to the information of large amounts of patients.
The security agency will complete the review after this week.
Dr. Nedjat-Shokouhi added: “We take our responsibilities to patients and NHS very seriously. Every year, we spend regular external security inspections of our systems by independent foreign security agencies.”
Getty picturesSeeing the information provided by the Software Engineer, cyber specialists said they were worried.
“There is a possibility of storing information that is not as reliable as the construction of the MEDERER,” said Surrey University Cancerist Specialist Prof. Alan Woodward.
“The database can be encrypted and all other measures are taken, but if there is a way to obtain a API, anyone who knows how to potentially get.”
Another specialist, Medefer’s high-sensitive, medical information, the company has to buy in cyberectimuty experts as soon as the problem is identified.
“If the company does not result in a matter of information, especially the information of nature, especially if the investigation and approval of nature, especially in the qualified exercise, Scott Helme.
Medefer was established in 2013 by Dr. Nedjat-Shokouhi, was established to improve the outpatient care. Since then, its technology was used by the NHS’s trust in the country.
The statement came from the NHS spokesman that these trusts are responsible for their contracts with the private sector.
“Individual NHS organizations should meet legal responsibility and national information security standards to protect patient information while determining suppliers, and we offer a national support and training.”
