An "internal coding error" has been blamed after the web front-end to Britain's National Health Service (NHS) sent visitors to unrelated malware and advertising sites.
The bug saw more than 800 web links on the nhs.uk website send visitors to websites showing advertising and malware.
It was fixed by the NHS Health and Social Care Information Centre (HSCIC) on Monday afternoon.
HSCIC said an “internal coding error” caused users to be sent to a mistyped URL. It alleged the owner of the mistyped URL likely took advantage and registered the domain to serve ads and malware to the redirected NHS website visitors.
“We can confirm that this problem has arisen due to an internal coding error and that NHS Choices has not been maliciously attacked,” said a HSCIC spokeswoman on behalf of the NHS Choices website.
Cigital principal consultant Paco Hope said the incident was proof that developers need to be diligent, not just with their code, but with website links too.
“On the Internet, typos do not go nowhere," he said.
"In this case a simple typo pointed innocent users to the domain owned by the hacker who was prepared and just waiting."
At the time of writing, most of the links had been corrected by the NHS HSCIC.
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
