NHS Greater Glasgow and Clyde’s cyber security team is working with a GP practice after its website was linked to adult content and illegal sports streams.
Several links to illicit content from a domain belonging to The New Surgery in Kilmacolm, near Glasgow have appeared on Google in recent days.
Nick Hatter, a former cyber security engineer, alerted The Register about the issue which appears to be caused by a Domain Name System attack or compromised WordPress setup.
A spokesperson for NHS Greater Glasgow and Clyde, which oversees The New Surgery, said: “NHS Greater Glasgow and Clyde’s cyber security team is working with Public Services Delivery Scotland’s Cyber Centre of Excellence to support an independent GP practice after being made aware that a legacy website had been compromised.
“This affects a legacy website that was independently set up and managed by the GP practice, and there is no evidence the practice’s primary website, or any NHS Scotland systems locally or nationally, were compromised.”
The NHS Scotland Cyber Centre of Excellence has been made aware of the issue and is working to understand the cause of the issue and to ensure it has been contained.
Scott Barnett, chief information security officer at Public Services Delivery Scotland, said: “At this time, we are not aware of personal or sensitive data exposure as a result of this incident.
“There is also no evidence the practice’s primary website, or any NHS Scotland systems locally or nationally, were compromised.”
The website’s scot.nhs.uk namespace appears to be owned by a US-based web developer as a guise for the illegal content it now hosts.
Hatter, a former cyber security engineer, alerted The Register, that the site had been hijacked.
Hatter, who first spotted the issue, said that the domains currently in use by Lerwick GP Practice and the Levenwick Medical Practice located in the Shetland Isles have also been compromised.
In an email, shared with Digital Health News, he said: “What’s truly concerning is that at any point, those compromised URLs could easily be changed by the attacker to point to a phishing website – and the fact it is on a scot.nhs.uk domain would enhance credibility. It’s pretty concerning.
“Additionally, in my opinion as a former cyber security engineer, many more NHS Scotland practices are vulnerable to attack, assuming more are using a similar WP Engine or WordPress setup.
“The compromised URLs are only the ones Google has indexed – there could be many more lurking.”
Commenting, cybersecurity expert Dr Saif Abed, founding partner and director at The AbedGraham Group, told Digital Health News: “What on the surface appears to be an isolated incident may in fact point to a deeper level of compromise within NHS Scotland’s systems which clearly requires investigation.
“The broader issue is that the digital footprint for the NHS continues to grow and legacy assets when coupled with interoperability provide a perfect gateway to compromise systems and scale attacks to threaten public health and national security.”
