NHS flooded with 40,000 spam emails during coronavirus crisis

The volume of malicious emails reported was highest during the peak of the virus in March

NHS staff reported being inundated with 43,108 malicious emails during since the coronavirus crisis took shape this year, with half of these phishing attacks landing in inboxes during March alone.

A staggering 21,188 malicious emails targeted NHS workers during March and were reported to spamreports@nhs.net, according to Freedom of Information (FOI) data obtained from NHS Digital by the Parliament Street think tank.

This flood of attempting phishing attacks came during arguably the most precarious time for the NHS during the coronavirus crisis, with the number of phishing attempts dropping off in the following months.

Staff reported 8,085 malicious emails during April, followed by 5,883 reports in May and 6,468 in June. During the first two weeks of July, the latest period for which data is available, staff reported 1,484 to the NHS spam reporting inbox.

"This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care," said chief information security officer at NHS Digital, Neil Bennett.

“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.

“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe.”

The scale of attacks has rendered some modest success for cyber criminals, with NHS Digital confirming in June that 113 NHSmail inboxes were compromised between the weekend of 30 May to 1 June.

There was no evidence to suggest patient data was compromised, and NHS Digital suggested the compromise was part of a wider credential-harvesting phishing campaign targeting a broad range of UK organisations.

The influx of phishing emails chimes with data reported by organisations like the National Cyber Security Centre (NCSC), which received more than a million reports of email scans in just two months.

The likes of Google have also warned against a spike in phishing, with findings in April suggesting that approximately £2 million had been lost to coronavirus-related fraud in the UK alone.

Related Resource

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

The UN has similarly warned against a 350% surge in phishing websites since the start of 2020, with criminals exploiting the disruption and economic hardships caused by COVID-19.

“The wealth of personal and financial data stored in NHS inboxes is a goldmine to potential hackers, who will use email scams to trick doctors, nurses, and frontline workers inadvertently handing over private information,” said Barracuda Networks’ SVP International, Chris Ross, comment on the news.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber defence weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber threat facing them.”

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Panel Profile: MKUH NHS Foundation Trust CTO Craig York
chief technical officer (CTO)

Panel Profile: MKUH NHS Foundation Trust CTO Craig York

28 Sep 2020
Amazon and Microsoft join NHS project battling pandemic
Business operations

Amazon and Microsoft join NHS project battling pandemic

27 Mar 2020
Critical NHS cyber security checks suspended due to coronavirus response
cyber security

Critical NHS cyber security checks suspended due to coronavirus response

19 Mar 2020

Most Popular

Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020