Teiss reports:
The National Health Service (NHS) is investigating claims that an application programming interface (API) vulnerability at private healthcare provider Medefer left patient data exposed. The issue, initially raised by an IT whistleblower, has prompted scrutiny from the NHS, which has stated it will take further action if necessary.
Medefer, a virtual healthcare provider that offers online consultations through the NHS e-referral system (e-RS), confirmed the API flaw but emphasized that there is no evidence of data compromise. The vulnerability, which was discovered in November 2024, allowed unauthorized access to patient information stored in Medefer’s internal records system. The company has since fixed the flaw, reportedly within 48 hours of its discovery, but CEO and NHS consultant Dr. Bahman Nedjat-Shokouhi admitted uncertainty about how long the issue had existed.
Read more at Teiss.