The Day Health and Social Care Went Off-line in Scotland

Prof Bill Buchanan OBE FRSE
5 min readJul 27, 2018

If there’s one area of on-line trust that we need most, it is in health and social care. Our health care environment needs to move into the usage of digital services. We thus need to be sure that the sites we are connecting to are valid and can be trusted. Unfortunately a large majority of health and social care Web sites in Scotland now either do not support HTTPs or have problems with their setup.

Google have been warning organisations for over a year that they will start to mark sites as being insecure, and it has finally implemented it. Unfortunately a large majority of the existing health sites will be marked as insecure, and citizens will not be able to access them unless they have alternative browsers.

The following have no HTTPs on their site:

And these have problems with their configuration, and are blocked by Chrome:

There are multiple reasons for HTTPs Capability Scotland, for example, has a rather strange certificate on its domain, and certainly does not match its host (

The Flying Start NHS site has a domain name of [here]:

Organisations need to learn that they cannot be sloppy with the domain name on the certificate. For Graduate Management Training Scheme NHS (at a .nhs site), we have: has a certificate that has timed-out [here]:

The site even has the certificate on it [here]:

Health Facilities Scotland NHS is named as having a domain of [here]

This certificate appears in other places, such as on the HIV Wakeup site:

HeartStroke Tayside has a self signed certificate [here]:

Lanarkshire Cancer Information Service (LCIS)

NHS Careers

NHS Education for Scotland

Skills for Health

This is just an outline finding, there are many more problems with these sites, including being vulnerable to Heartbleed, Poodle and a range of other things. Many, too, are still supporting old protocols and browsers (and which open-up a whole host of problems).


We must build a digital infrastructure for our public services, and HTTPs provides a core part of this trust. For so many sites to fail a basic implementation shows a lack of forward planning.



Prof Bill Buchanan OBE FRSE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.