Visitors to the NHS Choices website got more than they bargained for earlier this week as it was reported that various web links were redirecting visitors to advertising- and malware infested pages. It’s a little ironic that anyone trying to access information regarding their health could have ended up with a very sick computer to boot.
Around 800 links were affected. The issue was swiftly picked up and remedied, and the NHS was keen to point out this wasn’t down to a third party – it was in fact down to a typo in the links.
What this incident highlights is that no organisation’s website is immune to possible infection and exploitation. Also, these incidents aren’t necessarily down to deliberate attacks – they can be caused accidentally. As this incident demonstrates, by not testing URLs before ‘going live’ can result in a malicious threat for website visitors, as not all mistakes result in a harmless ‘page cannot be found’ message.
Though patient data was never at risk here, the end-user was. It could be argued that if this had been any other organisation, it is highly likely users would be reticent to return to the site for fear of further errors. Mistakes of this nature can have an impact on reputation and revenue, and could even incur financial penalties.
The lesson to be learnt is attention to all detail at all times, especially when writing website code, to avoid opportunistic infections.