Thousands of visitors the the NHS Choices site bombarded with malware after a coding error let a Czech hacker in by the back door

 

Thousands of patients trying to access health advice on the NHS Choices website were bombarded with adverts and malware – potentially stealing personal information from their computers – due to a coding error yesterday.

Users of the site posted links to hundreds of pages which had caused the problems over Sunday night and Monday morning - although the issue is now fixed.

One user, called Muzzers, wrote on the social website Reddit: “While attempting to access flu shot information I stumbled upon a page which redirected me to an advertisement. Digging a bit deeper I found hundreds more pages which redirect to either an advertisement or malware infested page.”

About 800 pages were thought to be affected.

The Health and Social Care Information Centre, which runs the site, was quick to downplay the damage, claiming that the site had not been compromised by a hacker.

A spokeswoman said a simple misplaced letter s in a domain name embedded in the code was responsible. A developer had typed googleaspis.com instead of googleapis.com.

The spokeswoman added that on Sunday night someone in the Czech Republic registered the misspelled domain name meaning patients were redirected to a rogue site from which the adverts and malware were sent.

In a statement the HSCIC said: “An internal coding error has caused an incorrect re-direct on some pages on NHS Choices since Sunday evening. Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code.

“We are now ‘flushing through’ this correction to ensure that the code on all affected pages is amended and expect this to be completed this afternoon.

“We can confirm that this problem has arisen due to an internal coding error and that NHS Choices has not been maliciously attacked.

The spokeswoman also stressed that no patient data was at risk and that they were carrying out a “thorough and detailed analysis to ensure that a full code review is undertaken and steps put in place to ensure no reoccurrence".

The HSCIC spokeswoman added: "NHS Choices has conducted an investigation of the adverts that some users were taken to and found nothing malicious on the initial adverts that came up. However, as an additional precaution we intend to supplement our usage information with 'cyber smart' guidelines."

Internet security expert Graham Cluley cast doubt on the official explanation however, and said that anyone who had inadvertently downloaded malware could be at risk from viruses or having the personal information stored on their hard drives accessed.

“I’m surprised by that explanation,” he said. “What often happens is that a hacker will find a weak point and inject a piece of code to exploit it, and set up a domain name. If the explanation is correct then whoever registered the domain name in the Czech Republic must have scanned the code, which few do, or registered numerous sites in the hope of getting lucky. Also, programmers tend to cut and paste domain names rather than type them out, which is laborious. Either way, there is a normally a through audit to spot these things and make sure links work before going live.

He added: “More importantly, what has been compromised is people’s computers. Anyone who used that site may have had malware injected on to their home computers that is able to access their personal information. So there should be warnings that anyone who accessed the rogue site could have problems. Today the NHS should be about computer health and that computers could be compromised.”

Mr Cluley also said that any crime committed would be an offence against the home user by the person in the Czech Republic.

Voices
voicesGood for Lana Del Rey for helping kill that myth, writes Grace Dent
News
The University of California study monitored the reaction of 36 dogs
sciencePets' range of emotions revealed
Life and Style
fashion Designs are part of feminist art project by a British student
Arts and Entertainment
The nomination of 'The Wake' by Paul Kingsnorth has caused a stir
books
PROMOTED VIDEO
Life and Style
ebookA wonderful selection of salads, starters and mains featuring venison, grouse and other game
News
Snoop Dogg pictured at The Hollywood Reporter Nominees' Night in February, 2013
people... says Snoop Dogg
News
i100
Life and Style
food + drinkZebra meat is exotic and lean - but does it taste good?
Arts and Entertainment
Residents of Derby Road in Southampton oppose filming of Channel 4 documentary Immigration Street in their community
tv
Voices
voicesSiobhan Norton on why she eventually changed her mind
Arts and Entertainment
The Tour de France peloton rides over a bridge on the Grinton Moor, Yorkshire, earlier this month
film
News
i100
Extras
indybest
Sport
Scottish singer Susan Boyle will perform at the Commonwealth Games opening ceremony in Glasgow
commonwealth games
Arts and Entertainment
Dwayne 'The Rock' Johnson stars in Hercules
filmReview: The Rock is a muscular Davy Crockett in this preposterous film, says Geoffrey Macnab
Life and Style
tech
Independent
Travel Shop
the manor
Up to 70% off luxury travel
on city breaks Find out more
santorini
Up to 70% off luxury travel
on chic beach resorts Find out more
sardina foodie
Up to 70% off luxury travel
on country retreats Find out more
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    VB.Net Developer

    £35000 - £45000 per annum + competitive: Progressive Recruitment: If you're pa...

    SAP Business Consultant (SD, MM and FICO), £55,000, Wakefield

    £45000 - £55000 per annum + competitive: Progressive Recruitment: SAP Business...

    Java Developer

    £40000 - £60000 per annum + competitive: Progressive Recruitment: My client, a...

    SAP Functional Consultant (SD, MM and FICO), £45,000 - £55,000.

    £45000 - £55000 per annum + Benefits: Progressive Recruitment: SAP Functional ...

    Day In a Page

    Noel Fielding's 'Luxury Comedy': A land of the outright bizarre

    Noel Fielding's 'Luxury Comedy'

    A land of the outright bizarre
    What are the worst 'Word Crimes'?

    What are the worst 'Word Crimes'?

    ‘Weird Al’ Yankovic's latest video is an ode to good grammar. But what do The Independent’s experts think he’s missed out?
    Can Secret Cinema sell 80,000 'Back to the Future' tickets?

    The worst kept secret in cinema

    A cult movie event aims to immerse audiences of 80,000 in ‘Back to the Future’. But has it lost its magic?
    Facebook: The new hatched, matched and dispatched

    The new hatched, matched and dispatched

    Family events used to be marked in the personal columns. But now Facebook has usurped the ‘Births, Deaths and Marriages’ announcements
    Why do we have blood types?

    Are you my type?

    All of us have one but probably never wondered why. Yet even now, a century after blood types were discovered, it’s a matter of debate what they’re for
    Honesty box hotels: You decide how much you pay

    Honesty box hotels

    Five hotels in Paris now allow guests to pay only what they think their stay was worth. It seems fraught with financial risk, but the honesty policy has its benefit
    Commonwealth Games 2014: Why weight of pressure rests easy on Michael Jamieson’s shoulders

    Michael Jamieson: Why weight of pressure rests easy on his shoulders

    The Scottish swimmer is ready for ‘the biggest race of my life’ at the Commonwealth Games
    Some are reformed drug addicts. Some are single mums. All are on benefits. But now these so-called 'scroungers’ are fighting back

    The 'scroungers’ fight back

    The welfare claimants battling to alter stereotypes
    Amazing video shows Nasa 'flame extinguishment experiment' in action

    Fireballs in space

    Amazing video shows Nasa's 'flame extinguishment experiment' in action
    A Bible for billionaires

    A Bible for billionaires

    Find out why America's richest men are reading John Brookes
    Paranoid parenting is on the rise - and our children are suffering because of it

    Paranoid parenting is on the rise

    And our children are suffering because of it
    For sale: Island where the Magna Carta was sealed

    Magna Carta Island goes on sale

    Yours for a cool £4m
    Phone hacking scandal special report: The slide into crime at the 'News of the World'

    The hacker's tale: the slide into crime at the 'News of the World'

    Glenn Mulcaire was jailed for six months for intercepting phone messages. James Hanning tells his story in a new book. This is an extract
    We flinch, but there are degrees of paedophilia

    We flinch, but there are degrees of paedophilia

    Child abusers are not all the same, yet the idea of treating them differently in relation to the severity of their crimes has somehow become controversial
    The truth about conspiracy theories is that some require considering

    The truth about conspiracy theories is that some require considering

    For instance, did Isis kill the Israeli teenagers to trigger a war, asks Patrick Cockburn