The NHS is currently investigating a significant claim regarding a vulnerability in the application programming interface (API) of Medefer, a private healthcare provider. This vulnerability reportedly exposed patient data. It was initially brought to light by an IT whistleblower and has led to careful scrutiny by the NHS, which has threatened to act further if necessary. While Medefer has acknowledged the flaw and addressed it within 48 hours, they maintain that there is no evidence of any actual data compromise, though uncertainty remains about the duration of the issue prior to its discovery.
The NHS is investigating claims of an API vulnerability at Medefer that allegedly left patient data exposed, with a commitment to take further action if needed.
Medefer confirms an API flaw was discovered in November 2024 allowing unauthorized access to patient information, but emphasizes no evidence of actual data compromise.
Collection
[
|
...
]