We look at the key lessons learned from a recent incident, focusing on how legacy systems can create significant cyber security risks if not properly managed
CREDIT: This is an edited version of an article that originally appeared in Digital Health
In early 2026, an incident was identified involving an independent GP practice within the remit of NHS Greater Glasgow and Clyde (NHSGGC), where a legacy website had been compromised and was found to be linking to adult content and illegal sports streaming platforms. The issue was brought to attention and subsequently investigated, prompting a coordinated response from NHSGGC’s cyber security team alongside Public Services Delivery Scotland’s Cyber Centre of Excellence.
What Happened
The affected GP practice site was compromised by external actors, who were able to insert or redirect content to inappropriate and unauthorised external sources. As a result, users accessing the site were exposed to material unrelated to healthcare services, including adult content and illegal streaming links.
While there was no immediate evidence to suggest that patient data had been accessed or breached, the incident raised serious concerns about…
