The Day Health and Social Care Went Off-line in Scotland


If there is one area where we need on-line trust the most, it is health and social care. Our health care environment needs to move towards digital services, so we need to be sure that the sites we connect to are valid and can be trusted. Unfortunately, a large majority of health and social care Web sites in Scotland now either do not support HTTPS or have problems with their setup.

Google has been warning organisations for over a year that it will start to mark sites as insecure, and it has finally done so. Unfortunately, a large majority of the existing health sites will be marked as insecure, and citizens will not be able to access them unless they have alternative browsers.

The following have no HTTPS on their site:

And these have problems with their configuration, and are blocked by Chrome:

There are multiple reasons for these HTTPS problems. Capability Scotland, for example, has a rather strange certificate on its domain, one that certainly does not match its host (www.theguarentee.org):


The certificate on the Flying Start NHS site has a domain name of conventionedinburgh.com:


Organisations need to learn that they cannot be sloppy with the domain name on the certificate. For Graduate Management Training Scheme NHS (at a .nhs site), we have:


Handsonscotland.com has a certificate that has expired:


The playfieldinstitute.co.uk site even has the handsonscotland.co.uk certificate on it:

The certificate for Health Facilities Scotland NHS names a domain of whitespacers.com:


This certificate appears in other places, such as on the HIV Wakeup site:


HeartStroke Tayside has a self-signed certificate:


Lanarkshire Cancer Information Service (LCIS) https://www.lcis.org.uk


NHS Careers https://www.careers.nhs.scot


NHS Education for Scotland https://www.nes.scot.nhs.uk


Skills for Health https://www.skillsforhealth.org.uk/


This is just an outline of the findings. There are many more problems with these sites, including being vulnerable to Heartbleed, POODLE and a range of other things. Many, too, still support old protocols and browsers, which opens up a whole host of problems.
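The three certificate faults described above (a name that does not match the host, an expired certificate and a self-signed certificate) can be checked automatically before a browser flags them. The following is an added example, not code from the original article: it audits certificate dicts laid out like the output of Python's `ssl.SSLSocket.getpeercert()`, and the hosts, names and dates in it are constructed sample data.

```python
import ssl

def name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name from a certificate with the host the user asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard counts only as the whole left-most label, never for a bare TLD.
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def audit(cert: dict, host: str, now: float) -> list:
    """List the faults in a getpeercert()-style dict for `host` at time `now`."""
    faults = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in sans):
        faults.append("name-mismatch")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        faults.append("expired")
    # Heuristic: issuer == subject means self-issued; signature is not verified here.
    if cert.get("issuer") == cert.get("subject"):
        faults.append("self-signed")
    return faults

def _dn(cn):  # helper: distinguished name in getpeercert() layout
    return ((("commonName", cn),),)

def _cert(subject, issuer, san, not_after):
    return {"subject": _dn(subject), "issuer": _dn(issuer),
            "subjectAltName": (("DNS", san),), "notAfter": not_after}

# Constructed sample data: hypothetical hosts and certificates, not real sites.
NOW = ssl.cert_time_to_seconds("Jan 15 00:00:00 2020 GMT")
SAMPLES = {
    "clinic.example.org": _cert("www.venue.example.com", "Example CA",
                                "www.venue.example.com", "Jun 15 12:00:00 2021 GMT"),
    "advice.example.org": _cert("advice.example.org", "Example CA",
                                "advice.example.org", "Mar 10 12:00:00 2019 GMT"),
    "heart.example.org": _cert("heart.example.org", "heart.example.org",
                               "heart.example.org", "Jun 15 12:00:00 2021 GMT"),
    "jobs.example.org": _cert("*.example.org", "Example CA",
                              "*.example.org", "Jun 15 12:00:00 2021 GMT"),
}

if __name__ == "__main__":
    for host, cert in SAMPLES.items():
        print(f"{host:22} {audit(cert, host, NOW) or 'ok'}")
```

Running the same audit on a schedule, with `now` set a few weeks ahead, also catches certificates that are about to expire.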

Conclusions

We must build a digital infrastructure for our public services, and HTTPS provides a core part of this trust. For so many sites to fail a basic implementation shows a lack of forward planning.

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.
