back to article Roche exposes medical details on website

The medical testing arm of pharmaceutical giant Roche has exposed the personal and medical details of UK customers on its website. The firm has admitted the security breach but has not explained how it happened. Customers who had registered their details with Roche Diagnostics received the first edition of an email newsletter …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    what about the FDA?

    Never mind the information commissioner, what about the FDA? I'm pretty certain that all computer systems used by pharma companies need to be validated and documented to an FDA standard

  2. Anonymous Coward
    Anonymous Coward


    That would be the US Food and Drug Administration then? Not sure if they have jurisdiction in the UK...

  3. Anonymous Coward
    Anonymous Coward

    Not as bad as it sounds...

    The problem was that they used a recycled link in an email that went to a specific user's information, with the ability to update the data on that page. At most, anyone who clicked the link was able to see the details of only the last person to enter data, not everyone's on the email list. It isn't as big of a breech as this article makes it out to be.

  4. Anonymous Coward
    Anonymous Coward

    This is sensitive personal data

    "Not as bad as it sounds" is like saying you are "just a little bit pregnant". This is a binary issue. The data leaked or it did not leak. Period.

    The data leaked.

    The data that leaked included medical details.

    This is contrary to the Data Protection Act 1998.

    This "not as bad as it sounds" comment sounds like an attempt to whitewash this. Roche was trusted with that data. It proved itself to be untrustworthy by its actions.

  5. Anonymous Coward
    Anonymous Coward

    FDA and equivalent UK Body

    FDA do have some jurisdiction in the uk, in that they can audit Pharma sites. However the UK has an equivalent called the MHRA (Medicines and Health Regulatory Agency) which will have the power to look in to this. Regardless the websystem will have probably been assessed and not requiring validation and therefore wont have been, hence the leak. I would guess that this will be changed ...

This topic is closed for new posts.

Other stories you might like