Online 'backdoor' used by 2,700 to schedule vaccinations

ROYAL OAK, Mich. (AP) — About 2,700 people were able to use an online scheduling vulnerability to register out-of-turn for COVID-19 vaccinations, according to a Detroit-area health care system.
Beaumont Health said it has determined a user publicly shared an unauthorized pathway for scheduling.

“This allowed 2,700 people to ‘cut in line,’” the eight-hospital health system said Sunday in a release. “Beaumont is cancelling all the appointments that used the unauthorized pathway. Individuals who scheduled an appointment using the unauthorized ‘backdoor’ pathway will be notified that their appointment has been cancelled via the email they provided during the unauthorized scheduling process.”

Beaumont’s information technology team detected and shut down unusual activity Saturday on its Epic electronic medical record system. Personal medical records were not compromised, and users were not able to access hospital records, Beaumont said.

The issue will not affect properly scheduled vaccine appointments, it added.

Epic’s corporate office also was notified so it could communicate with other health systems to prevent this from occurring elsewhere.

“These appointments violate the ethical distribution framework Beaumont created based upon the state of Michigan’s mandatory vaccine guidelines,” said Hans Keil, Beaumont Health senior vice president and chief information officer. “We are also notifying the Michigan Hospital Association and other Michigan health systems about the issue.”