NHS Scotland-linked domains caught serving pr0n and dodgy sports streams

What happened
It has been reported that multiple domains tied to Scottish GP practices were discovered pushing links to adult sites and illicit sports streams after a researcher noticed an influx of spammy landing pages indexed by Google. Nick Hatter, a former cybersecurity engineer, flagged a domain associated with The New Surgery in Kilmacolm that was serving the dodgy links; it has been reported that some of the poisoned pages date back to January. The Register notes the scot.nhs.uk namespace for one affected subdomain appears connected to a US-based web developer, which allegedly served as a guise for the illicit content.
Official response
NHS Greater Glasgow and Clyde says its cybersecurity team is working with Public Services Delivery Scotland’s Cyber Centre of Excellence to support the independent GP practice involved, and it has been reported that there is no evidence the practice’s primary site or broader NHS Scotland systems were compromised. Scott Barnett, the CISO for Public Services Delivery Scotland, told reporters the CCoE is investigating and that, at present, no personal or sensitive data exposure is known. Lerwick GP Practice was also flagged; in that case it has been reported that the live practice domain itself was serving the links.
Why it matters
This isn’t just an embarrassing hiccup. Patients expect NHS web addresses to be safe. When subdomains or legacy sites go stale they become low-hanging fruit for opportunistic abuse — credential theft, DNS tampering, or simple neglect can open the door, a point underscored by University of Surrey professor Alan Woodward, who asked whether attackers stole admin credentials to add redirects. So what’s the fix? Audit and shut down unused subdomains, rotate credentials, and treat legacy sites like ticking time bombs. No one wants adult content where appointment details should be — and that betrayal of trust is the real sting here.
Sources: The Register