The website's supplier, the Sowerby Centre for Health Informatics at Newcastle (SCHIN), said it did not know how long security vulnerabilities that forced the site's closure last month had existed.
But it reassured GPs that regular testing of the nine-year-old site had mitigated any risk to personal data.
SCHIN chief executive Professor Ian Purves defended the DoH's decision to close the website after criticism from GPs. He said the DoH acted correctly to protect data belonging to the site's 27,000 users. ‘This situation is an example of good practice,' he said.
The DoH said it conducts quarterly security checks on its websites, but it is unclear how often these checks were made before mid-2009 when current IT security plans were adopted.
The DoH said it has ‘no reason' to suspect other DoH sites shared this vulnerability.
Many GPs have complained about the timing of the closure, with appraisals needing to be complete by the end of March.
Hampshire GP Dr Caroline Kennedy-Cooke wasted several hours uploading data for her appraisal only for the site to close. ‘It would have been much better to have had more notice - 24 hours would have allowed a back-up,' she said.
The DoH apologised but said this would have increased the likelihood of a security breach.
- Read this week's edition of GP newspaper dated 5 March for the full version of this story.