Candidates’ details were freely available in MTAS security breach

Personal details of applicants involved in the already discredited MTAS system were available for all to see yesterday — until the Department of Health stepped in and closed the loophole which had allowed anyone to view the page without the need for a password.

Channel 4 News ran with the story yesterday, after discovering that the URL of the page containing all this information was not password protected.

Although this address should only have been known to those who were authorised to access the site — primarily those interviewing candidates — the URL was leaked. This made it possible for anyone who had been given that address to go straight to the page, bypassing the initial home page.

As soon as the Department of Health became aware of the security breach, early yesterday evening, they put a password on the page. But in the meantime confidential information about junior doctors — including their religion and sexual orientation — could have been viewed by anyone who knew the URL. 

Dr Jo Hilborne, chairman of the BMA Junior Doctors Committee, said it was a breach of security “on an appalling scale”.

“What little faith anyone had left in this shambolic system has just evaporated,” she said. “The ease with which anyone could have accessed highly sensitive information about thousands of people is frankly shocking.  The BMA has raised concerns about the security of the MTAS website on more than one occasion.  The Department of Health had months to put it right and failed.  There can be no excuse for this.