Multiple domains associated with NHS Scotland have been compromised, according to cybersecurity expert Nick Hatter. The hijacked domains are being maliciously exploited to redirect traffic to adult websites and illegal sports streaming platforms.
The most severely affected site is 'The New Surgery' in Kilmacolm, near Glasgow. Investigations revealed that a long-abandoned domain belonging to the practice has been seized by attackers, who have used it to generate a flood of spam links within Google’s search index. Some of these malicious links date back as far as January of this year.
Vulnerabilities Affect Multiple Medical Sites
Beyond the legacy domain of The New Surgery, Hatter discovered similar irregularities involving a GP practice in Lerwick, Shetland. Unlike the situation in Kilmacolm, the issue in Lerwick has impacted the practice’s currently active official website.
NHS Greater Glasgow and Clyde (NHSGGC) stated that they are aware of the situation and are working with the Cyber Centre of Excellence at Public Services Delivery Scotland to resolve the issue. A spokesperson emphasized that the incident is confined to legacy websites held by independently operated practices, adding that there is currently no evidence of a broader breach of the primary clinic websites or the wider Scottish national healthcare infrastructure.
Scott Barnett, Chief Information Security Officer at Public Services Delivery Scotland, added that there is currently no indication that sensitive patient data has been compromised. Technical teams are working closely with the health boards to determine the root cause of the domain takeovers and to ensure all malicious content is thoroughly purged.
Snapshots from the Wayback Machine confirm that the domain was still serving as the official portal for The New Surgery as recently as 2019. This suggests that hackers have been exploiting these poorly managed, defunct domains for years, using them as technical springboards to promote illicit content.
Authorities are currently auditing the administrative access for these domains to prevent further malicious traffic redirection. The incident serves as a stark reminder of the security risks posed by the mismanagement of legacy digital assets within healthcare organizations.