NHS flooded with 40,000 spam emails during coronavirus crisis

The volume of malicious emails reported was highest during the peak of the virus in March

NHS staff reported being inundated with 43,108 malicious emails during since the coronavirus crisis took shape this year, with half of these phishing attacks landing in inboxes during March alone.

A staggering 21,188 malicious emails targeted NHS workers during March and were reported to spamreports@nhs.net, according to Freedom of Information (FOI) data obtained from NHS Digital by the Parliament Street think tank.

This flood of attempting phishing attacks came during arguably the most precarious time for the NHS during the coronavirus crisis, with the number of phishing attempts dropping off in the following months.

Staff reported 8,085 malicious emails during April, followed by 5,883 reports in May and 6,468 in June. During the first two weeks of July, the latest period for which data is available, staff reported 1,484 to the NHS spam reporting inbox.

"This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care," said chief information security officer at NHS Digital, Neil Bennett.

“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.

“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe.”

The scale of attacks has rendered some modest success for cyber criminals, with NHS Digital confirming in June that 113 NHSmail inboxes were compromised between the weekend of 30 May to 1 June.

There was no evidence to suggest patient data was compromised, and NHS Digital suggested the compromise was part of a wider credential-harvesting phishing campaign targeting a broad range of UK organisations.

The influx of phishing emails chimes with data reported by organisations like the National Cyber Security Centre (NCSC), which received more than a million reports of email scans in just two months.

The likes of Google have also warned against a spike in phishing, with findings in April suggesting that approximately £2 million had been lost to coronavirus-related fraud in the UK alone.

Related Resource

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

The UN has similarly warned against a 350% surge in phishing websites since the start of 2020, with criminals exploiting the disruption and economic hardships caused by COVID-19.

“The wealth of personal and financial data stored in NHS inboxes is a goldmine to potential hackers, who will use email scams to trick doctors, nurses, and frontline workers inadvertently handing over private information,” said Barracuda Networks’ SVP International, Chris Ross, comment on the news.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber defence weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber threat facing them.”

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
NHS adopts predictive AI tech from controversial startup
public sector

NHS adopts predictive AI tech from controversial startup

26 Apr 2021
NHS to digitise coronavirus testing with new Scandit deal
digital transformation

NHS to digitise coronavirus testing with new Scandit deal

8 Apr 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021