IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NHS flooded with 40,000 spam emails during coronavirus crisis

The volume of malicious emails reported was highest during the peak of the virus in March

NHS staff reported being inundated with 43,108 malicious emails during since the coronavirus crisis took shape this year, with half of these phishing attacks landing in inboxes during March alone.

A staggering 21,188 malicious emails targeted NHS workers during March and were reported to spamreports@nhs.net, according to Freedom of Information (FOI) data obtained from NHS Digital by the Parliament Street think tank.

This flood of attempting phishing attacks came during arguably the most precarious time for the NHS during the coronavirus crisis, with the number of phishing attempts dropping off in the following months.

Staff reported 8,085 malicious emails during April, followed by 5,883 reports in May and 6,468 in June. During the first two weeks of July, the latest period for which data is available, staff reported 1,484 to the NHS spam reporting inbox.

"This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care," said chief information security officer at NHS Digital, Neil Bennett.

“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.

“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe.”

The scale of attacks has rendered some modest success for cyber criminals, with NHS Digital confirming in June that 113 NHSmail inboxes were compromised between the weekend of 30 May to 1 June.

There was no evidence to suggest patient data was compromised, and NHS Digital suggested the compromise was part of a wider credential-harvesting phishing campaign targeting a broad range of UK organisations.

The influx of phishing emails chimes with data reported by organisations like the National Cyber Security Centre (NCSC), which received more than a million reports of email scans in just two months.

The likes of Google have also warned against a spike in phishing, with findings in April suggesting that approximately £2 million had been lost to coronavirus-related fraud in the UK alone.

Related Resource

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

The UN has similarly warned against a 350% surge in phishing websites since the start of 2020, with criminals exploiting the disruption and economic hardships caused by COVID-19.

“The wealth of personal and financial data stored in NHS inboxes is a goldmine to potential hackers, who will use email scams to trick doctors, nurses, and frontline workers inadvertently handing over private information,” said Barracuda Networks’ SVP International, Chris Ross, comment on the news.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber defence weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber threat facing them.”

Featured Resources

Join the 90% of enterprises accelerating to the cloud

Business transformation through digital modernisation

Free Download

Delivering on demand: Momentum builds toward flexible IT

A modern digital workplace strategy

Free download

Modernise the workforce experience

Actionable insights and an optimised experience for both IT and end users

Free Download

The digital workplace roadmap

A leader's guide to strategy and success

Free Download

Recommended

DHSC sets out ambitious targets for NHS App by 2023, beyond
Business strategy

DHSC sets out ambitious targets for NHS App by 2023, beyond

29 Jun 2022
Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Secretary of State retires NHS Digital and NHSX
public sector

Secretary of State retires NHS Digital and NHSX

23 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

Raspberry Pi launches next-gen Pico W microcontroller with networking support
Hardware

Raspberry Pi launches next-gen Pico W microcontroller with networking support

1 Jul 2022
Xerox CEO John Visentin dies unexpectedly aged 59
Careers & training

Xerox CEO John Visentin dies unexpectedly aged 59

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022