States of Guernsey: A serious breach

Seen on the ThisIsGuernsey web site:

A MAJOR security flaw left exposed the whole of the States internet system and put at risk personal data belonging to individuals in a care home. At this stage, it is not known whether there has been any malicious access to the information.What was a catastrophe waiting to happen was drawn to the attention of Treasury and Resources, the department responsible, by this newspaper after contact from a Guernsey IT specialist working in the UK.

Having apparently tried to warn some years earlier of flawed security, he asked whether we could help to protect a site run on behalf of islanders and containing personal information.

After satisfying ourselves – without entering off-limits areas – that there was a likely problem, we arranged for a demonstration in front of the department’s senior IT staff of how easy it was to access confidential material.

When the whistle-blower navigated to a folder containing what he said were patient records, medical details and care procedures, one of the Treasury and Resources members snatched the mouse out of his hand and deleted the files.

Full story – ThisIsGuernsey

Another article in ThisIsGuernsey by Nicci Martel provides additional detail:

Care records of Maison Maritaine residents were among the information left exposed by a simple fault in all sites discovered by former local resident and website developer Marcus Cicero.

About the author: Dissent

Comments are closed.