East Londoners nicked under Computer Misuse Act after NHS vaccine passport app sprouted clump of fake entries

App runs off a database, and databases are run by humans

British police have made a series of arrests over the past few months after people with apparent access to NHS databases allegedly sold fake vaccination status entries on the NHS vaccine passport app.

This week the Metropolitan Police's Cyber Crime Unit declared it had arrested three men after an unidentified NHS trust "noticed a suspicious pattern on some online vaccination records", according to Essex newspaper the Yellow Advertiser.

Two men, aged 23 and 27 and said to be from Ilford in east London, were arrested on suspicion of committing Computer Misuse Act offences. A third man, also from Ilford, was similarly arrested as part of a separate, unconnected investigation. Police raided houses and seized various electronic devices, the force said in a statement sent to The Reg.

Detective Superintendent Helen Rance said: "The staff at both trusts did the right thing and reported their concerns, which has allowed us to fully investigate the circumstances. I want to reassure the public that no systems were hacked into from outside of the NHS networks and the integrity of the NHS systems remains robust."

Jake Moore, global cybersecurity advisor of antivirus firm ESET and a one-time head of digital forensics for Dorset Police, told us: "This is a huge moment for local cyber crime teams who often get a lot of flak for barely being able to tackle even a small percentage of digital crime under limited resources and a lack of centrally held money."

He continued: "Although this wasn't a remote attack, these particular arrests highlight the significance of an insider for such an operation to occur under the radar. Notable surges are often driven by the ease at which criminal gangs can operate but are often far from sloppy in their process. The next step, of course, will be if the police can locate enough digital evidence to prosecute."

The Computer Misuse Act makes it a criminal offence to access a computer system without authorisation. The latest arrests follow a Mail on Sunday investigation in October, where it claimed to have unmasked a Briton using a Telegram account to sell fake vaccine passport entries. Earlier this year the Guardian published a feature highlighting the growing global trade in fake vaccination status passports and apps.

Demand for forged papers could increase after MPs voted to make vaccine passports mandatory this week, with the latest legal regulations being explained by the BBC.

The NHS vaccine passport app was greenlighted in May, despite civil liberties campaigners warning it risked creating social divisions between antivax conspiracy theorists, people opposed to vaccine passports themselves and supporters of the scheme.

Those opposed to vaccine passports have highlighted previous government promises that vaccine passports wouldn't be used as a mandatory condition of entry to social venues, soon ditched when it saw the passports would be useful for slowing the spread of harmful COVID-19 variants.

NHS England's treatment of patients' personal data during the pandemic has been murky. Palantir, the US surveillance tech business, popped up at the heart of NHS data flows – with the state-owned health organisation being curiously unwilling to say how much data was being handed to Palantir or why. As that was happening, the NHS was also preparing to launch the "biggest data grab" in its history, moving GP patient data from their local surgeries to a central repository. This was temporarily delayed after a public outcry.

Meanwhile the NHS England's former tech arm, NHSX, declared that data harvested from people's phones by its contact-tracing app would be stored for unspecified "research". Having become synonymous with the semi-consensual harvesting and resale of patient data, NHSX was later rebranded as the NHS England Transformation Directorate in November 2021. ®

Narrower topics

Other stories you might like

  • Engineer sues Amazon for not covering work-from-home internet, electricity bills
    And no, I'm not throwing out this lawsuit, says judge

    Amazon's attempt to dismiss a lawsuit, brought by one of its senior software engineers, asking it to reimburse workers for internet and electricity costs racked up while working from home in the pandemic, has been rejected by a California judge.

    David George Williams sued his employer for refusing to foot his monthly home office expenses, claiming Amazon is violating California's labor laws. The state's Labor Code section 2802 states: "An employer shall indemnify his or her employee for all necessary expenditures or losses incurred by the employee in direct consequence of the discharge of his or her duties, or of his or her obedience to the directions of the employer."

    Williams reckons Amazon should not only be paying for its techies' home internet and electricity, but also for any other expenses related to their ad-hoc home office space during the pandemic. Williams sued the cloud giant on behalf of himself and over 4,000 workers employed in California across 12 locations, arguing these costs will range from $50 to $100 per month during the time they were told to stay away from corporate campuses as the coronavirus spread.

    Continue reading
  • Shanghai lockdowns to end, perhaps easing tech supply chain woes
    China needs this as much as the rest of the world

    China’s largest city, Shanghai, will this week all-but end its COVID-19 lockdowns on Wednesday, and by doing so may smooth some of the kinks in the world’s technology supply chains.

    Limited lockdowns commenced in Shanghai during mid-March, before April escalations imposed city-wide restrictions that have remained in place ever since.

    Shanghai is a major manufacturing hub, so the lockdowns have caused considerable pain. Cisco, for example, Cisco warned of disruption to supplies of parts it needs for power supplies. The likes of Foxconn, Tesla, and Toyota, have all ceased or slowed production. Chinese chipmaker SMIC kept production ticking over by having staff move either into its plants, or into a COVID-free zone around its plants.

    Continue reading
  • AI-designed COVID-19 drug nominated for preclinical trial
    Treatment could stop coronavirus from replicating inside body

    Updated An oral medication designed by scientists with the help of AI algorithms could one day treat patients with COVID-19 and other types of diseases caused by coronaviruses.

    Insilico Medicine, a biotech startup based in New York, announced on Tuesday it had nominated a drug candidate for preclinical trials – the stage before you start testing it on humans.

    Today's mRNA vaccines boost the body's immunity to COVID-19 by aiding the generation of antibodies capable of blocking the virus's spike protein, stopping the bio-nasty from infecting cells. The small molecule developed by Insilico, however, is used to treat people already infected, and works by preventing the coronavirus from replicating.

    Continue reading
  • Nvidia shares tumble as China lockdown, Russia blamed for dent in outlook
    Sure, stonking server and gaming sales, but hiring and expenses to slow down, too

    Nvidia exceeded market expectations and on Wednesday reported record first-quarter fiscal 2023 revenue of $8.29 billion, an increase of 46 percent from a year ago and eight percent from the previous quarter.

    Nonetheless the GPU goliath's stock slipped by more than nine percent in after-hours trading amid remarks by CFO Colette Kress regarding the business's financial outlook, and plans to slow hiring and limit expenses. Nvidia stock subsequently recovered a little, and was trading down about seven percent at time of publication.

    Kress said non-GAAP operating expenses in the three months to May 1 increased 35 percent from a year ago to $1.6 billion, and were "driven by employee growth, compensation-related costs and engineering development costs."

    Continue reading

Biting the hand that feeds IT © 1998–2022