02-03-2014 05:45 AM
THE UK NATIONAL HEALTH SERVICE (NHS) internet presence reportedly has been compromised, with over 800 website URLs having been hacked to serve malware or redirects to adverts.
A Reddit user who goes by the name of Muzzers spotted the attack, and claimed that there are over 800 NHS website URLs that have been compromised so far. At the time of writing it seems that the problem is still ongoing, so we'd advise avoiding NHS websites for now.
Muzzers said, "So while attempting to access flu shot information I stumbled upon a page which redirected me to an advertisement. Digging a bit deeper I found hundreds more pages which redirect to either an advertisement or malware infested page.
"It seems that many pages include these malicious script tags, which then kicks off the whole ordeal. Hiding the script under a malicious url googleaspis.com instead of a valid googleapis.com."
The NHS and Health and Social Care Information Center (HSCIC) have yet to respond to our request for comment. However, the NHS Choices Twitter account said that it is aware of the security issue, and is working on a fix.
Apologies to anyone having trouble navigating our website - we are aware of the issue and currently working to resolve it.
— NHS Choices (@NHSChoices) February 3, 2014
However, another Reddit user who allegedly works for the NHS IT department said, "I work in the NHS it dept, although no one here is dealing with it. They know and it's being actioned."
Until the issue is resolved, it's probably best to steer clear of all NHS websites. µ
02-04-2014 06:18 AM
NHS Website Not Hacked, Just Exploited
Over the weekend the UK's NHS Choices website started redirecting visitors to a website serving malware. First thoughts were that it had been hacked; but the NHS was quick to assure everyone that it had not been hacked – it was just a typo in the code that was being exploited.
The issue first came to public notice when 'Muzzers' posted a comment to Reddit. "So", he warned, "while attempting to access flu shot information I stumbled upon a page which redirected me to an advertisement. Digging a bit deeper I found hundreds more pages which redirect to either an advertisement or malware infested page. Visit at your own risk..."
'NHSChoices' quickly responded on Reddit. "An internal coding error has caused an incorrect re-direct on some pages on NHS Choices since Sunday evening. Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code."