The UK’s National Health Service (NHS) website has been redirecting users to a malware-infested websites.
Reddit user Muzzers noticed that more than 800 pages of the NHS website were either redirecting users to an advertisement or malware-laden websites.
The NHS insisted that the website had not been hacked, but an ‘internal coding error’ caused the error. “An internal coding error has caused an incorrect redirect on some pages on NHS Choices since Sunday evening,” said NHS in a statement.
“Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code,” NHS added.
The coding error was due to a typo when a developer accidentally wrote “googleaspis.com” instead of “googleapis.com.” The typo was not noticed until the domain was registered by someone in the Czech Republic and used it to push malware.
The NHS has also revealed that once it ensures that the coding error has been resolved across the website, it will conduct a full review of the site and will put into place steps that will ensure that such issues do not happen again.