A computer error has potentially allowed Canterbury COVID-19 vaccine patients to see the personal details of hundreds of other people booking appointments to receive the vaccine.
The Canterbury DHB has issued an apology for what it says was a coding error in the software used in a local Canterbury medical appointment system.
In a statement released on Saturday afternoon - during which it was revealed there was one new imported case and one new historical case - the Ministry of Health said while no private health information was available through the booking system, it was taken down on Friday night after being available to use from 8am the same day.
The exposed details included people's names, their gender, age and NHI number.
It said details of 716 individuals who had registered were potentially able to be viewed.
An investigation into the privacy breach is underway, the DHB said.
"All health services take the privacy of individuals very seriously," says Director-General of Health Dr Ashley Bloomfield.
"It is very unfortunate this has occurred and the Ministry and DHB have taken immediate steps to address the issue.
"The DHB will be contacting those affected, apologising directly and informing them of the actions now being taken."
The issue is limited to Canterbury DHB and to household members of frontline border workers invited to make appointments to be vaccinated, the Ministry of Health said.
"Both the Ministry and DHB are thanking a member of the public with strong technical skills for the prompt alert after they detected a security vulnerability in the code and then were able to view contact details of those who had already booked. At this stage, there is no evidence of any malicious breach, access to this information or sharing of it further and the DHB is investigating further," a statement from the Ministry of Health said.
The system will stay shut down till the issue is rectified and the system thoroughly tested.
RNZ
