We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Bug in Irish Vaccination Portal Exposed Data of One Million

Bug in Irish Vaccination Portal Exposed Data of One Million
Author Image Husain Parvez
Husain Parvez Published on 17th March 2024 Cybersecurity Researcher

A significant security flaw in the Irish Health Service Executive's (HSE) COVID-19 vaccination portal, which exposed the vaccination records of approximately a million people, has been disclosed after a two-year delay. The vulnerability, discovered by security researcher Aaron Costello in December 2021, allowed anyone registering on the HSE vaccination portal to access other users' health information.

This information included full names, vaccination details, and reasons for administering or refusing vaccines, among other data. "Thankfully, the ability to see everyone’s vaccination administration details was not immediately obvious to regular users who were using the portal as intended," remarked Costello in a statement shared with TechCrunch.

The portal, developed using Salesforce's health cloud, was found to have granted registered users excessive permissions, leading to the exposure. Costello, who now works as a principal security engineer at AppOmni, highlighted the severity of the flaw, noting that it also compromised access to internal HSE documents.

Despite the potential for misuse, detailed access logs reviewed by the HSE showed that "no unauthorized accessing or viewing of this data" occurred. Thankfully, the HSE responded swiftly to the alert, with spokesperson Elizabeth Fraser stating, "We remediated the misconfiguration on the day we were alerted to it." However, the incident's delayed disclosure has raised questions about transparency.

According to ITPro, the vulnerability was discovered just months after a major ransomware attack on the HSE, which was described by the minister of state for public procurement and eGovernment, Ossian Smyth, as "possibly the most significant cyber attack on the Irish State." This attack led to the shutdown of all HSE IT systems nationwide and caused months of disruption, with costs estimated to exceed €100 million.

This breach highlighted significant security lapses in the handling of sensitive health data. Similarly, in the Netherlands, Coronalab's unprotected database leaked 1.3 million records, including detailed COVID-19 test data and sensitive information. These incidents underscore the urgent need for robust cybersecurity measures in the management of health data.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.