NHS Greater Glasgow and Clyde’s cyber security team is working with a GP after his website was linked to adult content and illegal sports broadcasts.
In recent days, several links to illicit content from a domain belonging to The New Surgery in Kilmacolm, near Glasgow, have appeared on Google.
Nick Hatter, a former cybersecurity engineer, alerted The Register to the issue that appears to be caused by an attack on the domain name system or a compromised WordPress configuration.
A spokesperson for NHS Greater Glasgow and Clyde, which oversees The New Surgery, said: “The NHS Greater Glasgow and Clyde cyber security team is working with Public Services Delivery Scotland’s Cyber Center of Excellence to support an independent GP practice after it was informed that a legacy website had been compromised.
“This affects a legacy website that was created and managed independently by the GP, and there is no evidence that the practice’s main website, nor any NHS Scotland system locally or nationally, has been compromised.”
NHS Scotland’s Cyber Center of Excellence has been made aware of the issue and is working to understand the cause of the issue and ensure it has been contained.
Scott Barnett, chief information security officer at Public Services Delivery Scotland, said: “At this time, we are not aware of any exposure of personal or sensitive data as a result of this incident.
“There is also no evidence that the practice’s main website, nor any NHS Scotland systems locally or nationally, were compromised.”
The website’s scot.nhs.uk namespace appears to be owned by a US-based web developer as a pretext for the illegal content it now hosts.
Hatter, a former cybersecurity engineer, alerted The Register that the site had been hijacked.
Hatter, who first spotted the issue, said that the domains currently in use by Lerwick GP Practice and the Levenwick’s medical practice located in the Shetland Islands has also been compromised.
In an email, shared with Digital health newssaid: “What’s really worrying is that at any time, the attacker could easily change those compromised URLs to point to a phishing website, and the fact that it’s on a scot.nhs.uk domain would improve credibility. “It’s quite worrying.
“Also, in my opinion, as a former cyber security engineer, many more NHS Scotland practices are vulnerable to attacks, assuming more use a WP engine or similar WordPress setup.
“The compromised URLs are only the ones that Google has indexed; there could be many more lurking.”
Commenting, said cybersecurity expert Dr. Saif Abed, Founding Partner and Director of The AbedGraham Group. Digital health news: “What on the surface appears to be an isolated incident may actually indicate a deeper level of compromise within NHS Scotland systems that clearly requires investigation.
“The wider issue is that the NHS digital footprint continues to grow and legacy assets, when combined with interoperability, provide a perfect gateway to compromise systems and escalate attacks that threaten public health and national security.”
