Re: It's still ongoing
> I advised the relevant IT contact and was told that the issue was fixed!
You work in/with NHS IT and this surprises you? I'm guessing the systems in question were one of the following:
1. Not known about by IT
2. Known about by IT, but the "business owner" was someone else (i.e. Somebody Else's Problem - we've done everything we can at our end guv)
3. "Fixed" by following some script, but no-one bothered to validate, monitor, or close the security hole afterwards.