The Register reports that a cybersecurity incident involving hijacked legacy domains belonging to Scottish medical practices has raised uncomfortable questions about credential security and abandoned web properties within the United Kingdom's protected National Health Service namespace.
Researcher Nick Hatter discovered that outdated URLs for The New Surgery in Kilmacolm and the Lerwick GP Practice are now surreptitiously redirecting visitors to adult material and pirated sports feeds, with some illicit links indexed by Google dating back to January.
While NHS Greater Glasgow and Clyde confirmed that no current systems or patient data were compromised, the breach underscores the risk posed by forgotten digital assets still tethered to the authoritative scot.nhs.uk domain.
Professor Alan Woodward of the University of Surrey suggested the manipulation likely required access to DNS controls, noting, "that suggests a deeper penetration than just one surgery being hacked." Officials are investigating whether compromised WordPress credentials or a vulnerable plugin allowed attackers to seize control of the legacy URLs, a scenario that amplifies the danger of shadow IT lingering within a closed, supposedly trusted governmental namespace.
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
An error occurred trying to play the stream. Please reload the page and try again.
CloseRegistering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
