Thousands of visitors the the NHS Choices site bombarded with malware after a coding error let a Czech hacker in by the back door

 

Thousands of patients trying to access health advice on the NHS Choices website were bombarded with adverts and malware – potentially stealing personal information from their computers – due to a coding error yesterday.

Users of the site posted links to hundreds of pages which had caused the problems over Sunday night and Monday morning - although the issue is now fixed.

One user, called Muzzers, wrote on the social website Reddit: “While attempting to access flu shot information I stumbled upon a page which redirected me to an advertisement. Digging a bit deeper I found hundreds more pages which redirect to either an advertisement or malware infested page.”

About 800 pages were thought to be affected.

The Health and Social Care Information Centre, which runs the site, was quick to downplay the damage, claiming that the site had not been compromised by a hacker.

A spokeswoman said a simple misplaced letter s in a domain name embedded in the code was responsible. A developer had typed googleaspis.com instead of googleapis.com.

The spokeswoman added that on Sunday night someone in the Czech Republic registered the misspelled domain name meaning patients were redirected to a rogue site from which the adverts and malware were sent.

In a statement the HSCIC said: “An internal coding error has caused an incorrect re-direct on some pages on NHS Choices since Sunday evening. Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code.

“We are now ‘flushing through’ this correction to ensure that the code on all affected pages is amended and expect this to be completed this afternoon.

“We can confirm that this problem has arisen due to an internal coding error and that NHS Choices has not been maliciously attacked.

The spokeswoman also stressed that no patient data was at risk and that they were carrying out a “thorough and detailed analysis to ensure that a full code review is undertaken and steps put in place to ensure no reoccurrence".

The HSCIC spokeswoman added: "NHS Choices has conducted an investigation of the adverts that some users were taken to and found nothing malicious on the initial adverts that came up. However, as an additional precaution we intend to supplement our usage information with 'cyber smart' guidelines."

Internet security expert Graham Cluley cast doubt on the official explanation however, and said that anyone who had inadvertently downloaded malware could be at risk from viruses or having the personal information stored on their hard drives accessed.

“I’m surprised by that explanation,” he said. “What often happens is that a hacker will find a weak point and inject a piece of code to exploit it, and set up a domain name. If the explanation is correct then whoever registered the domain name in the Czech Republic must have scanned the code, which few do, or registered numerous sites in the hope of getting lucky. Also, programmers tend to cut and paste domain names rather than type them out, which is laborious. Either way, there is a normally a through audit to spot these things and make sure links work before going live.

He added: “More importantly, what has been compromised is people’s computers. Anyone who used that site may have had malware injected on to their home computers that is able to access their personal information. So there should be warnings that anyone who accessed the rogue site could have problems. Today the NHS should be about computer health and that computers could be compromised.”

Mr Cluley also said that any crime committed would be an offence against the home user by the person in the Czech Republic.

News
The surrealist comedian at the Q Awards in 2010
people
News
Russell Brand arriving for the book launch in East London
peopleRussell Brand cancels his book launch debate due to concerns about the make-up of the panel
Sport
Christiano Ronaldo enjoys his opening goal
champions leagueLiverpool 0 Real Madrid 3: Ronaldo and Benzema run Reds ragged to avenge thrashing from their last visit to Anfield
Arts and Entertainment
Awesome foursome: Sam Smith shows off his awards
music22-year-old confirms he is 2014’s breakout British music success
PROMOTED VIDEO
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
Life and Style
Six of the 76 Goats' cheese samples contained a significant amount of sheep's cheese
food + drink
Arts and Entertainment
Contestants during this summer's Celebrity Big Brother grand finale
tvBroadcaster attempts to change its image following sale to American media group
Extras
indybest
Arts and Entertainment
Sir Nicholas Serota has been a feature in the Power 100 top ten since its 2002 launch
art
Arts and Entertainment
Sarah Dales attempts to sell British Breeze in the luxury scent task
tvReview: 'Apprentice' candidate on the verge of tears as they were ejected from the boardroom
News
Call me Superman: one of many unusual names chosen by Chinese students
newsChinese state TV offers advice for citizens picking a Western moniker
News
Wilko Johnson is currently on his farewell tour
people
Voices
New look: Zellweger at Elle's Women in Hollywood awards on Monday
voicesRenée Zellweger's real crime has been to age in an industry that prizes women's youth over humanity, says Amanda Hess
News
Let’s pretend: KidZania in Tokyo
educationKidZania lets children try their hands at being a firefighter, doctor or factory worker for the day
Life and Style
CHARGE BOOSTER: Aeroplane mode doesn't sound very exciting, but it can be a (phone) hacker's friend. Turning on the option while charging your mobile will increase the speed at which your phone battery charges
techNew book reveals how to rid your inbox of spam, protect your passwords and amplify your iPhone
Arts and Entertainment
Julianne Moore and Ellen Page are starring together in civil rights drama Freeheld
film
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Solutions Architect - Permanent - London - £70k DOE

    £60000 - £70000 Per Annum Excellent benefits: Clearwater People Solutions Ltd:...

    Technical Business Analyst/SQL Development - London - Permanent - £50k DOE

    £40000 - £50000 Per Annum Excellent benefits: Clearwater People Solutions Ltd:...

    Telecoms Engineer - Telecoms Admin - £35,000 - 5 month FTC

    £35000 per annum: Ashdown Group: 5 month Fixed Term Contract - Telecommunicati...

    Telecoms Engineer - Telecoms Administrator - London - £26,000

    £26000 per annum + 25 days holiday & further benefits: Ashdown Group: Telecomm...

    Day In a Page

    How could three tourists have been battered within an inch of their lives by a burglar in a plush London hotel?

    A crime that reveals London's dark heart

    How could three tourists have been battered within an inch of their lives by a burglar in a plush London hotel?
    Meet 'Porridge' and 'Vampire': Chinese state TV is offering advice for citizens picking a Western moniker

    Lost in translation: Western monikers

    Chinese state TV is offering advice for citizens picking a Western moniker. Simon Usborne, who met a 'Porridge' and a 'Vampire' while in China, can see the problem
    Handy hacks that make life easier: New book reveals how to rid your inbox of spam, protect your passwords and amplify your iPhone

    Handy hacks that make life easier

    New book reveals how to rid your email inbox of spam, protect your passwords and amplify your iPhone with a loo-roll
    KidZania lets children try their hands at being a firefighter, doctor or factory worker for the day

    KidZania: It's a small world

    The new 'educational entertainment experience' in London's Shepherd's Bush will allow children to try out the jobs that are usually undertaken by adults, including firefighter, doctor or factory worker
    Renée Zellweger's real crime has been to age in an industry that prizes women's youth over humanity

    'Renée Zellweger's real crime was to age'

    The actress's altered appearance raised eyebrows at Elle's Women in Hollywood awards on Monday
    From Cinderella to The Jungle Book, Disney plans live-action remakes of animated classics

    Disney plans live-action remakes of animated classics

    From Cinderella to The Jungle Book, Patrick Grafton-Green wonders if they can ever recapture the old magic
    Thousands of teenagers to visit battlefields of the First World War in new Government scheme

    Pupils to visit First World War battlefields

    A new Government scheme aims to bring the the horrors of the conflict to life over the next five years
    The 10 best smartphone accessories

    Make the most of your mobile: 10 best smartphone accessories

    Try these add-ons for everything from secret charging to making sure you never lose your keys again
    Mario Balotelli substituted at half-time against Real Madrid: Was this shirt swapping the real reason?

    Liverpool v Real Madrid

    Mario Balotelli substituted at half-time. Was shirt swapping the real reason?
    West Indies tour of India: Hurricane set to sweep Windies into the shadows

    Hurricane set to sweep Windies into the shadows

    Decision to pull out of India tour leaves the WICB fighting for its existence with an off-field storm building
    Indiana serial killer? Man arrested for murdering teenage prostitute confesses to six other murders - and police fear there could be many more

    A new American serial killer?

    Police fear man arrested for murder of teen prostitute could be responsible for killing spree dating back 20 years
    Sweetie, the fake 10-year-old girl designed to catch online predators, claims her first scalp

    Sting to trap paedophiles may not carry weight in UK courts

    Computer image of ‘Sweetie’ represented entrapment, experts say
    Fukushima nuclear crisis: Evacuees still stuck in cramped emergency housing three years on - and may never return home

    Return to Fukushima – a land they will never call home again

    Evacuees still stuck in cramped emergency housing three years on from nuclear disaster
    Wildlife Photographer of the Year: Intimate image of resting lions claims top prize

    Wildlife Photographer of the Year

    Intimate image of resting lions claims top prize
    Online petitions: Sign here to change the world

    Want to change the world? Just sign here

    The proliferation of online petitions allows us to register our protests at the touch of a button. But do they change anything?