https://blog.systmadeinc.com/nhs-investigating-how-api-flaw-exposed-patint-data/