The Day Health and Social Care Went Off-line in Scotland

The Day Health and Social Care Went Off-line in Scotland

If there’s one area of on-line trust that we need most, it is in health and social care. Our health care environment needs to move into the usage of digital services. We thus need to be sure that the sites we are connecting to are valid and can be trusted. Unfortunately a large majority of health and social care Web sites in Scotland now either do not support HTTPs or have problems with their setup.

Google have been warning organisations for over a year that they will start to mark sites as being insecure, and it has finally implemented it. Unfortunately a large majority of the existing health sites will be marked as insecure, and citizens will not be able to access them unless they have alternative browsers.

The following have no HTTPs on their site:

• Edinburgh Community Food Initiative https://www.ecfi.org.uk/
• Graduate Management Training Scheme https://www.mts.scot.nhs.uk
• Greater Glasgow & Clyde NHS https://www.nhsggc.org.uk/
• Lothian Health Services Archive https://www.lhsa.lib.ed.ac.uk/
• NHS Retirement Fellowship https://www.nhsrf.org.uk/
• Sandyford Initiative NHS Greater Glasgow & Clyde https://www.sandyford.org
• Tayside Regional Diabetes Network https://www.diabetes-healthnet.ac.uk

And these have problems with their configuration, and are blocked by Chrome:

• Ayrshire and Arran NHS https://www.nhsaaa.net
• Beatson West of Scotland Cancer Centre https://www.beatson.scot.nhs.uk
• West of Scotland Managed Clinical Networks for Cancer https://www.woscan.scot.nhs.uk
• Capability Scotland https://www.capability-scotland.org.uk/
• Chief Scientists Office https://www.cso.scot.nhs.uk
• Children With Exceptional Healthcare Needs https://www.cen.scot.nhs.uk
• Clinical Indicators Support Team https://www.indicators.scot.nhs.uk
• Community Pharmacy https://www.communitypharmacy.scot.nhs.uk
• Contract Management Team (NHSScotland IT Service Contract) https://www.cmt.scot.nhs.uk
• Edinburgh Sleep Centre -NHS Lothian https://www.sleep.scot.nhs.uk
• eHealth https://www.eHealth.scot.nhs.uk
• Evolving Practice https://www.evolvingpractice.org
• Everyone Matters https://www.workforcevision.scot.nhs.uk/
• Flyingstart NHS Developing confident https://www.flyingstart.scot.nhs.uk
• Fife NHS Area Drugs and Therapeutics Committee https://www.fifeadtc.scot.nhs.uk
• Grampian NHS https://www.nhsgrampian.org.uk
• Grampian NHS; General Practitioners https://www.nhsgrampian.org/nhsgrampian/gra_display_hospital.jsp
• Hands on Scotland https://www.handsonscotland.co.uk/
• Health Information Shop NHS Ayrshire &Arran https://www.healthinfoshop.scot.nhs.uk
• Health Facilities Scotland https://www.hfs.scot.nhs.uk
• Health Protection Scotland (formally SCIEH) https://www.hps.scot.nhs.uk/
• Heart and Stroke Information Point NHS Tayside https://www.heartstroketayside.org.uk
• Highland NHS https://www.nhshighland.scot.nhs.uk
• HIV Wake Up https://www.hiv-wakeup.org.uk
• IM & Now eHealth https://www.eHealth.scot.nhs.uk
• ISD Scotland (formerly Scottish Health Statistics) https://www.isdscotland.org/
• Lanarkshire NHS https://www.nhslanarkshire.org.uk
• Learning Disabilities Managed Care Network (SE Scotland) https://www.ldmcn.scot.nhs.uk
• Lanarkshire Cancer Information Service (LCIS) https://www.lcis.org.uk
• Managed Clinical Network for Cleft Lip & Palate https://www.cleftsis.scot.nhs.uk
• Managed Clinical Networks for Coronary Heart Disease Dumfries & Galloway https://www.mcn.scot.nhs.uk
• Moodjuice Forth Valley Self-Help Resources https://www.moodjuice.scot.nhs.uk
• National Brachial Plexus Injury Service https://www.brachialplexus.scot.nhs.uk
• National Diabetes Retinopathy Screening NHS Scotland https://www.brachialplexus.scot.nhs.uk
• National Patient Pathways https://www.pathways.scot.nhs.uk
• National Services Division (NSD) https://www.nsd.scot.nhs.uk
• National Services Scotland (NSS) Learning Centre https://www.nsslearning.scot.nhs.uk
• Neonatal and Paediatric Pharmacists Group https://www.nppg.scot.nhs.uk
• NES Dental Portal (login access) https://www.dentistryportal.scot.nhs.uk
• NHS Careers https://www.careers.nhs.scot
• NHS Education for Scotland https://www.nes.scot.nhs.uk
• NHS Healthcare Improvement Scotland https://www.nhshealthquality.org/
• NHS Inform https://www.nhsinform.co.uk
• NHS Lanarkshire Practice Development Centre https://www.lanpdc.scot.nhs.uk
• NHS Tayside Drug & Therapeutics Committee https://www.nhstaysideadtc.scot.nhs.uk
• NHSScotland Index Location Lookup https://www.natref.scot.nhs.uk
• NHSScotland Media Monitoring https://www.media.scot.nhs.uk
• NHSScotland Procurement (Internet ) https://www.nhsscotlandprocurement.scot.nhs.uk/
• NHSScotland Resource Allocation Committee (NRAC) https://www.nrac.scot.nhs.uk/
• Occupational Health and Safety Extra (OHSxtra) https://www.ohsxtra.scot.nhs.uk
• Playfield Institute https://www.playfieldinstitute.co.uk/
• Pay Modernisation; NHS Scotland https://www.paymodernisation.scot.nhs.uk
• PHOTONET Managed Clinical Network for Phototherapy in Scotland https://www.photonet.scot.nhs.uk
• Picture Archiving & Communication System (PACS) https://www.pacs.scot.nhs.uk
• Practitioner Services (PSD) https://www.psd.scot.nhs.uk
• Procurement Support Group https://www.bitsandbobs.scot.nhs.uk
• Property and Capital Planning Division https://www.pcpd.scot.nhs.uk
• Queen Elizabeth National Spinal Injuries Unit https://www.spinalunit.scot.nhs.uk
• Referral Guidelines (NHS Lothian) https://www.refhelp.scot.nhs.uk
• Rehabilitation Framework SE https://www.rehabilitationframework.scot.nhs.uk
• Scottish Arthroplasty Project https://www.arthro.scot.nhs.uk
• Scottish Birth Record Project https://www.sbr.scot.nhs.uk
• Scottish Care Information https://www.sci.scot.nhs.uk
• Scottish Clinical Information Management In Practice (SCIMP) https://www.scimp.scot.nhs.uk
• Scottish Diving Medicine https://www.sdm.scot.nhs.uk
• Scottish Government Health Directorate https://www.sehd.scot.nhs.uk
• Scottish Healthcare Supplies https://www.shs.scot.nhs.uk
• Scottish Hip Fracture Audit https://www.shfa.scot.nhs.uk
• Scottish Intercollegiate Guidelines Network (SIGN) https://www.sign.ac.uk/
• Scottish National Paediatric Retrieval Service https://www.snprs.scot.nhs.uk
• Scottish Ophthalmic Oncology Service https://www.soos.scot.nhs.uk
• Scottish Paediatric Renal Urology Network (SPRUN) https://www.sprun.scot.nhs.uk
• Scottish Prescribing Advisers Association (SPAA) https://www.spaa.scot.nhs.uk
• Scottish Public Health Observatory (ScotPHO) https://www.scotpho.org.uk/
• Scottish Renal Registry https://www.srr.scot.nhs.uk/
• Scottish Sarcoma Network https://www.ssn.scot.nhs.uk
• Scottish Society of Acute Pain Services (SSAPS) https://www.ssaps.scot.nhs.uk
• Scottish Stroke Care Audit https://www.strokeaudit.scot.nhs.uk
• Scottish Terms and Conditions Committee (STAC) https://www.stac.scot.nhs.uk
• Selective Use of Postoperative Radiotherapy aftEr Mastectomy (SUPREMO) https://www.supremo-trial.com
• Shetland NHS https://www.shb.scot.nhs.uk
• South East Scotland Cancer Network (SCAN) https://www.scan.scot.nhs.uk/
• State Hospitals Board for Scotland https://www.tsh.scot.nhs.uk
• Statement of Fees & Allowances to GPs (Red Book) https://www.sfa.scot.nhs.uk
• Steering Group For Specialist Children’s Services in Scotland https://www.specialchildrensservices.scot.nhs.uk
• Stroke NHS Scotland https://www.stroke.scot.nhs.uk
• Tayside NHS https://www.nhstayside.scot.nhs.uk
• Travax A to Z of Healthy Travel https://www.travax.scot.nhs.uk/
• Video Conferencing Facilities Search NHS Scotland https://www.videoconferencing.scot.nhs.uk/
• Visual Impairment Network for Children and Young People (VINCYP) https://www.vincyp.scot.nhs.uk/
• Waiting Times https://www.isdscotland.org/Health-Topics/Waiting-times/
• Western Isles NHS https://www.wihb.scot.nhs.uk
• Yellow Card Centre Scotland (previously CSM Scotland) https://www.yccscotland.scot.nhs.uk/

There are multiple reasons for HTTPs Capability Scotland, for example, has a rather strange certificate on its domain, and certainly does not match its host (www.theguarentee.org):

The Flying Start NHS site has a domain name of conventionedinburgh.com [here]:

Organisations need to learn that they cannot be sloppy with the domain name on the certificate. For Graduate Management Training Scheme NHS (at a .nhs site), we have:

Handsonscotland.com has a certificate that has timed-out [here]:

The playfieldinstitute.co.uk site even has the handsonscotland.co.uk certificate on it [here]:

Health Facilities Scotland NHS is named as having a domain of whitespacers.com [here]

This certificate appears in other places, such as on the HIV Wakeup site:

HeartStroke Tayside has a self signed certificate [here]:

Lanarkshire Cancer Information Service (LCIS) https://www.lcis.org.uk

NHS Careers https://www.careers.nhs.scot

NHS Education for Scotland https://www.nes.scot.nhs.uk

Skills for Health https://www.skillsforhealth.org.uk/

This is just an outline finding, there are many more problems with these sites, including being vulnerable to Heartbleed, Poodle and a range of other things. Many, too, are still supporting old protocols and browsers (and which open-up a whole host of problems).

Conclusions

We must build a digital infrastructure for our public services, and HTTPs provides a core part of this trust. For so many sites to fail a basic implementation shows a lack of forward planning.