UK NHS website error redirects visitors to malware site

An ‘internal coding error’ on the NHS website redirected its users to malware-hit websites that pinched personal information from their PCs.

Hackers have flooded hundreds of URLs on the NHS website with malware, which reportedly compromised about 800 pages on the www.nhs.uk site sending users to websites that serve advertising and malware.

NHS said in a statement that the site had not been hit with malicious attacks and it had fixed the problem.

"An internal coding error has caused an incorrect redirect on some pages on NHS Choices since Sunday evening," the statement added.

"Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code."

"NHS Choices is treating this issue with urgency and once resolved we plan to undertake a thorough and detailed analysis to ensure that a full code review is undertaken and steps put in place to ensure no reoccurrence."

According to reports, hackers took advantage of ‘internal coding error’ that redirected users to the mistyped URL and then registered the mistyped URL to serve adverts and malware to inadvertently redirected visitors from the NHS Choices website since Sunday evening.

"Last night someone in the Czech Republic took ownership of the incorrectly spelt domain it was referring to; the correctly spelled one is actually owned by Google," the statement added.

"Although the typo existed in NHS Choices code, until the point the domain name was purchased, this was not causing any issues."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing