While I was busy stressing out over where I will match on Friday, I received an email from the NRMP this afternoon, the organization responsible for running the match. It read: “Earlier today the NRMP received notice that some Main Residency Match applicants were able to view their match results before the results were released if they right-clicked their Home Page in the Registration, Ranking, and Results (R3) system. Immediately upon learning of this situation, we took steps to assure that this can no longer occur. We are investigating to determine how such premature access was possible.”
My investigative journalism training kicked into high gear as I turned to the Internet to find some answers. How was this possible? How many people found out? And most importantly, how did I miss it?!
The answer was easy to find. On Monday March 17 (“Match Monday”) at 9:08 PM, an anonymous user named “nVictus” posted the following message on a student doctor network forum:
As you can imagine, this created QUITE a stir, as medical students around the country have been waiting, stressed out of their minds, about where they will be assigned to go to residency for the next 4-7 years. A flurry of online activity ensued, as medical students already pushed to the brink took to their browser’s source codes to figure out their futures. Apparently the programmers “preloaded” the match homepage source code with the information of where people match, so that once the magic time hits on Friday, they can easily change everyone’s NRMP homepages to reveal the new result. What they didn’t realize? That there are medical students out there who are combing every detail of the site to figure out anything they can ahead of time. Several took it upon themselves to poll all of their friends to assess the accuracy of this method.
Similarly the same trick was posted on Reddit, multiple email lists, and another online thread for international medical graduates.
Much to everyone’s dismay, an applicant ended up posting about this little trick on the NRMP facebook page, resulting in the NRMP taking down their website for a few hours to fix this little problem. People are not happy, and a couple posts on the forums even reveal the name and Facebook page of the student who “tattled.” I sincerely hope he’s not getting too much negative attention from his amped up colleagues right now.
After the NRMP site came back up, medical students banded together to figure out how to access cached versions of their browser’s history. Others took to Facebook and even (this is crazy…) change.org to create a petition to release the residency match results early.
So far the change.org petition has 22 supporters, with comments such as “I want to plan my life” and “For one, participants that know their Match results now have almost a week’s head start on the housing markets in the areas of their residency programs while the rest of us are forced to continue to wait for no legitimate reason.”
I personally find this whole drama entertaining, as I imagine the original poster of the trick spending hours playing around with the website before stumbling upon the source code. A lot of applicants voiced concern over the possibility of more serious security breaches that could reveal our SSN’s and other personal information, but honestly, I think hackers have way bigger targets to chase than a bunch of debt ridden medical school students who are now even more broke after applying to residency. Just my two cents.
Good luck to everyone on Friday! I can’t wait