Security concerns around NHS Highland's outdated website

A Scottish health board has said its website was the cause for potential security concerns because of its outdated infrastructure.

NHS Highland said sensitive information was not at risk, but services such as virtual appointments could be disrupted if the site was down.

It is in the process of moving to a more up-to-date infrastructure.

But The Times has reported claims NHS Highland's contract for the work was an "advert to cyber criminals", external.

The health board's notice in Public Contracts Scotland said the technical architecture was "obsolete" and its outdated infrastructure rendered "key search and analytics features inoperable, the website largely un-editable by staff, and its security compromised".

The notice said redeveloping the NHS Highland website could not be deferred any longer.

A spokeswoman for the health board said the website did not hold or directly link to any sensitive information, such as patient details.

She said: "Security concerns are more centred around a potential disruption to service, for example in accessing the NearMe virtual appointment service, which could occur if the site were down.

"We have alternative arrangements we can put in place, should this happen."

The spokeswoman added: "We take security very seriously and for that reason are keen to move to a more up to date web infrastructure which can be easily supported."

Scottish Conservative MSP Miles Briggs, who raised concerns about cyber attacks at Holyrood last year, said the health board had left itself "open to attack".

He said: "Cyber security attacks are becoming an ever-increasing problem for public sector organisations and robust measures must be taken to protect against any potential threats."

In 2017, NHS Highland was one of 11 health boards hit by a global ransomware attack.

The incidents were thought to be part of a wider attack affecting organisations in about 100 countries around the world.