The whistleblower who discovered people's private data could be seen on the Canterbury District Health Board's COVID-19 vaccination booking system says the breach is worse than the Government's letting on.
The Ministry of Health admitted on Saturday more than 700 people's details could have been viewed, including their name, gender, age, and NHI number. But the whistleblower, who wanted to remain anonymous, claims vaccine details could also be messed around with.
Bryce was set to get his first jab this week, but his private data was breached.
"It looks like it was absolute negligence by whoever it was that produced this system. It seems like an absolute rookie mistake that they could have been making here which could have been avoided," he says.
He was among the 714 Cantabrians whose details were exposed.
In a statement, the Ministry of Health suggested the breach only allowed patients to view other patient's appointment details. But the original whistleblower says it was worse than that
They say they were also able to cancel and change appointments - even moving them 100 years in the past. And the weakness was not a coding error like the Ministry says, but rather incompetence from the developer.
"This should be a real scandal," says Chris Bishop, the National Party's COVID-19 response spokesperson.
National wants an urgent review, especially since other regions were lined up to use the same offshore developer for their vaccine rollout.
"If people don't have faith that the booking system will keep their details secure, keep it private, they may not want to book in for a vaccine," Bishop says.
The whistleblower texted Health Minister Andrew Little and Dr Ashley Bloomfield directly on Friday night about the breach.
Little appeared to misconstrue the message, replying about nefarious exploitation of the pandemic, while Bloomfield hit back "thanks" and had the site taken down within 20 minutes.
This isn't the system that will be used by the general population when the vaccination reaches them in July.
Prime Minister Jacinda Ardern says the breach is "not a situation anyone wants".
"We're working closely with the DHB around what's happened here. But it doesn't seem to be an issue which has occurred in other DHBs, it seems particular to Canterbury's," she says.
She has promised the system for the general public will be ready and trustworthy in time.