diff --git a/backend/src/appointment/dependencies/auth.py b/backend/src/appointment/dependencies/auth.py
index f3fa13657..8d0058946 100644
--- a/backend/src/appointment/dependencies/auth.py
+++ b/backend/src/appointment/dependencies/auth.py
@@ -71,7 +71,7 @@ def get_admin_subscriber(
     admin_emails = os.getenv("APP_ADMIN_ALLOW_LIST")
 
     # Raise an error if we don't have any admin emails specified
-    if not admin_emails:
+    if not admin_emails or not user:
         raise InvalidPermissionLevelException()
 
     admin_emails = admin_emails.split(',')
diff --git a/backend/src/appointment/routes/auth.py b/backend/src/appointment/routes/auth.py
index 979e11a35..a319b5db7 100644
--- a/backend/src/appointment/routes/auth.py
+++ b/backend/src/appointment/routes/auth.py
@@ -284,7 +284,10 @@ def me(
 @router.post("/permission-check")
 def permission_check(subscriber: Subscriber = Depends(get_admin_subscriber)):
     """Checks if they have admin permissions"""
-    return subscriber.is_deleted
+    # This should already be covered, but just in case!
+    if subscriber.is_deleted:
+        raise validation.InvalidPermissionLevelException()
+    return True  # Covered by get_admin_subscriber
 
 
 # @router.get('/test-create-account')
diff --git a/backend/test/integration/test_auth.py b/backend/test/integration/test_auth.py
index 4cf5be317..77914b271 100644
--- a/backend/test/integration/test_auth.py
+++ b/backend/test/integration/test_auth.py
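Review bot: The new `or not user` guard sits under a comment that still only talks about missing admin emails, so a request with no resolved user is now reported as a permission-level problem with no hint in the code that this is intentional; if `user` comes from an optional subscriber dependency (its origin is outside the hunk) that is acceptable, but the comment should say so: `# Deny unless an allow-list is configured and the caller resolved to a subscriber`. The allow-list is still consumed by a bare `split(',')`, so an operator value such as `a@x.org, b@x.org` produces an entry with a leading space and silently fails to match; `[e.strip() for e in admin_emails.split(',') if e.strip()]` avoids that, though how entries are compared is outside this hunk. get_admin_subscriber's signature and the matching logic both lie outside the hunk.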
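Review bot: The `is_deleted` branch added to permission_check is reachable only when a subscriber whose flag is set gets past get_admin_subscriber, and the test added in this commit hard-deletes the row instead of setting the flag, so the branch is currently unexercised; a case that sets `subscriber.is_deleted = True` and commits would cover it. The docstring still reads as though the route reports a boolean, while the body now raises for non-admins and soft-deleted accounts and returns `True` otherwise; `"""Return True for an admin subscriber; raise InvalidPermissionLevelException for anyone else, including soft-deleted accounts."""` states the actual contract. The trailing `# Covered by get_admin_subscriber` would be clearer as `# Defence in depth: the dependency already rejects non-admins, only the soft-delete case is re-checked here`.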
@@ -15,6 +15,18 @@ def test_me(self, with_db, with_client):
         assert data.get('secondary_email') is None
         assert data.get('preferred_email') == os.getenv('TEST_USER_EMAIL')
 
+    def test_permission_check_with_deleted_subscriber(self, with_client, with_db):
+        os.environ['APP_ADMIN_ALLOW_LIST'] = '@example.org'
+
+        with with_db() as db:
+            subscriber = repo.subscriber.get_by_email(db, os.getenv('TEST_USER_EMAIL'))
+            db.delete(subscriber)
+            db.commit()
+
+        response = with_client.post('/permission-check',
+                                    headers=auth_headers)
+        assert response.status_code == 401, response.text
+
     def test_permission_check_with_no_admin_email(self, with_client):
         os.environ['APP_ADMIN_ALLOW_LIST'] = ''
 
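Review bot: The test assigns `os.environ['APP_ADMIN_ALLOW_LIST']` directly and never restores it, so the value leaks into every later test in the process; pytest's `monkeypatch.setenv('APP_ADMIN_ALLOW_LIST', '@example.org')` undoes it automatically. It also removes the subscriber with `db.delete`, which drives the `not user` path in get_admin_subscriber rather than the soft-delete `is_deleted` check the same commit adds to permission_check, so a second case that sets `subscriber.is_deleted = True` and commits is needed to pin that branch. The deleted row is not recreated afterwards, so any test that relies on `TEST_USER_EMAIL` existing and runs after this one depends on the `with_db` fixture rebuilding it (presumably it does, but worth confirming).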