I don’t have any insider information so I’m just spitballing here :D but I have worked in health IT field before and I’m not even a little surprised that bugs like these exist - and have been exploited.

Poor authorisation handling bug is quite common. Authentication is largely a solved problem what with OAuth (not that a lot of NZ health IT providers use it… sigh) but each software developer still has to solve the problem of authorisation. And it’s just all too easy to forget that random IDs are not secure and are not even random.

Hmm for me it’s almost always in the new year or at the end of the year… so even this one fits the pattern.

Anyway, I think IT job market is finally picking up a tiny bit. Hopefully we’ll see more this year.

Happy new year.

I’m about to start a new job! Excited.