NHS England investigating compromised GP websites
16 April 2026
- NHS England is investigating a cyber security issue which has caused several GP websites to link to adult content
- GP websites in Scotland have also been compromised
- The issue is thought to be related to an unpatched WordPress setup
NHS England is investigating a cyber issue which has caused several NHS providers’ websites to be linked to adult content.
GP surgery websites which have been compromised include Poplars Medical Practice, St Thomas Medical Group, Earnswood Medical Centre, South Axholme Practice, North End Medical Centre, Parson Drove Surgery, and Canterbury Medical Practice’s legacy site.
A spokesperson for NHS England said: “We are aware of a report alleging that a handful of NHS provider websites have been linked to illicit content.
“Our teams are investigating this as a matter of priority.”
Digital Health News reported last week that three GP surgeries linked to scot.nhs.uk had been linked to adult content and illegal sports streams.
NHS Greater Glasgow and Clyde’s cyber security team and the NHS Scotland Cyber Centre of Excellence said that they were looking into the issue.
Nick Hatter, a former cyber security engineer, told Digital Health News: “My opinion as a former cyber security engineer is that this is likely a WordPress issue that potentially affects the NHS nationwide, so no NHS GP practice or hospital’s website is safe as long as they are using the same WordPress setup as the compromised GP practices.”
He said that it was most likely caused by an unpatched WordPress setup or a single unpatched WordPress plugin, rather than a zero-day exploit of WordPress.
“Another possibility, in my opinion, is that an NHS maintainer/web developer’s credentials have been leaked/exploited, and that same maintainer/developer has nationwide access to NHS practices’ websites across the country,” he added.
Hatter said that one URL on the NHS.UK domain is now redirecting to an adult game website and “many, many more NHS practices will likely be vulnerable”.
“The NHS need to conduct a full and in-depth security investigation and audit as soon as possible, and to consider either moving away from WordPress to a static-html setup, or failing that, making sure only the public get served static html pages.
“This is by far much more secure than WordPress, in my opinion,” he said.
NHS Greater Manchester Integrated Care Board (ICB) said that it had received no reports of a compromise relating to the Poplars Medical Centre website, and NHS Kent and Medway ICB confirmed they are still investigating but are not currently aware of any issue with Canterbury Medical Practice.
NHS Devon ICB and NHS Cheshire and Merseyside ICB directed us to the NHSE statement.
Digital Health News also contacted NHS Humber and North Yorkshire ICB, NHS West and North London ICB, NHS Cambridgeshire and Peterborough ICB, and the GP surgeries mentioned.
