The National Health Service (NHS) is the publicly funded healthcare system in the UK. Being such a large organization, it has an equally large collection of websites that provide information to the public. Currently there are 5000+ unique websites, all managed independently of the NHS rather than centrally. That independent management raises huge concerns for the security of these pages: nobody is tracking which sites exist, what software they run, or whether that software is patched.
Rob Aley, a friend of the blogger, was able to obtain a list of 5000 domains affiliated with the NHS. He put these domains in a text file and piped them into various auditing tools. One of them was WPScan, a WordPress security scanner that fingerprints a site (core version, plugins, themes) and checks those components against a database of known vulnerabilities. Using this tool, he was able to grab “the version, what bugs [were] present, whether the site [was] vulnerable to XSS, and all sorts of other interesting details.”
His results were shocking. Of the 5000 websites he probed, 358 were running WordPress, 597 had XSS vulnerabilities, 2000 had security bugs, and many were vulnerable to privilege escalation issues.
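To give a concrete shape to the workflow described above (a domain list fed to WPScan, then the per-site output tallied into fleet-wide numbers), here is an added example; it is not code from the original post or from Rob Aley. It assumes each site was scanned with something like `wpscan --url https://host/ --format json --output host.json` and that the JSON carries top-level `target_url`, `version`, `plugins`, `main_theme` and (for non-WordPress hosts) `scan_aborted` fields, which is how WPScan's JSON output is laid out to the best of my knowledge; the sample records, hostnames and vulnerability titles are constructed, and the XSS / privilege-escalation classification is a keyword heuristic on the vulnerability titles.

```python
"""Aggregate WPScan-style JSON results from many hosts into fleet statistics."""
import json
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Heuristic classifiers: WPScan reports vulnerabilities by title, so we
# match the titles rather than a structured type field (assumption).
XSS_RE = re.compile(r"\b(xss|cross[- ]site scripting)\b", re.IGNORECASE)
PRIVESC_RE = re.compile(r"privilege escalation", re.IGNORECASE)

# Constructed sample output resembling `wpscan --format json` for four hosts.
# Hostnames use the reserved .example TLD; the vuln titles are made up.
SAMPLE_RESULTS = [
    {"target_url": "https://practice-a.example/",
     "version": {"number": "4.7.2", "status": "insecure", "vulnerabilities": [
         {"title": "Core < 4.7.3 - Authenticated Stored XSS (constructed)", "fixed_in": "4.7.3"}]},
     "plugins": {"example-forms": {"vulnerabilities": [
         {"title": "Example Forms <= 2.1 - Privilege Escalation (constructed)", "fixed_in": "2.2"}]}},
     "main_theme": None},
    {"target_url": "https://practice-b.example/",
     "version": {"number": "5.8.1", "status": "latest", "vulnerabilities": []},
     "plugins": {}, "main_theme": None},
    {"target_url": "https://trust-c.example/",
     "scan_aborted": "The remote website is up, but does not seem to be running WordPress."},
    {"target_url": "https://clinic-d.example/",
     "version": None,  # core version could not be fingerprinted
     "plugins": {"example-gallery": {"vulnerabilities": [
         {"title": "Example Gallery < 3.0 - Reflected Cross-Site Scripting (constructed)"}]}},
     "main_theme": None},
]


@dataclass
class SiteSummary:
    url: str
    is_wordpress: bool
    version: Optional[str] = None
    version_status: Optional[str] = None
    vulns: List[str] = field(default_factory=list)

    @property
    def has_xss(self) -> bool:
        return any(XSS_RE.search(v) for v in self.vulns)

    @property
    def has_privesc(self) -> bool:
        return any(PRIVESC_RE.search(v) for v in self.vulns)


def _vuln_titles(component: Optional[dict]) -> List[str]:
    """Titles of the vulnerabilities attached to a core/plugin/theme entry."""
    if not component:
        return []
    return [v.get("title", "") for v in component.get("vulnerabilities", [])]


def summarize_site(result: dict) -> SiteSummary:
    """Reduce one WPScan result to: is it WordPress, which version, which vulns."""
    url = result.get("target_url", "")
    if result.get("scan_aborted"):          # WPScan bails out on non-WordPress hosts
        return SiteSummary(url=url, is_wordpress=False)
    core = result.get("version") or {}      # None when the version was not detected
    vulns = _vuln_titles(core)
    for plugin in (result.get("plugins") or {}).values():
        vulns += _vuln_titles(plugin)
    vulns += _vuln_titles(result.get("main_theme"))
    return SiteSummary(url, True, core.get("number"), core.get("status"), vulns)


def fleet_report(results: Iterable[dict]) -> Dict[str, int]:
    """Tally the per-site summaries into the kind of numbers quoted in the post."""
    report = {"scanned": 0, "wordpress": 0, "outdated_core": 0,
              "sites_with_vulns": 0, "total_vulns": 0, "xss_sites": 0, "privesc_sites": 0}
    for raw in results:
        site = summarize_site(raw)
        report["scanned"] += 1
        if not site.is_wordpress:
            continue
        report["wordpress"] += 1
        if site.version_status in ("outdated", "insecure"):
            report["outdated_core"] += 1
        if site.vulns:
            report["sites_with_vulns"] += 1
        report["total_vulns"] += len(site.vulns)
        report["xss_sites"] += int(site.has_xss)
        report["privesc_sites"] += int(site.has_privesc)
    return report


if __name__ == "__main__":
    print(json.dumps(fleet_report(SAMPLE_RESULTS), indent=2))
```

In practice the records would come from one JSON file per host rather than the inline list; the aggregation is the same. Keeping the per-site summaries (not just the totals) matters for the remediation step described below, because the vendor needs a list of which hosts run which vulnerable component and which fixed version clears it.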
The remediation? Well, almost all of the websites had been built by ONE third-party company, which was notified of these flaws. “After repeated contact, and some hand holding,” most of the issues were fixed. There were also dozens of sites that had simply been abandoned; the blogger urged that these be taken down or at least updated, since an unmaintained WordPress install only gets more exploitable as time passes.