Hackers set up fake NHS website to spread malware