NHS flooded with 40,000 spam emails during coronavirus crisis

The volume of malicious emails reported was highest during the peak of the virus in March

NHS staff reported being inundated with 43,108 malicious emails during since the coronavirus crisis took shape this year, with half of these phishing attacks landing in inboxes during March alone.

A staggering 21,188 malicious emails targeted NHS workers during March and were reported to spamreports@nhs.net, according to Freedom of Information (FOI) data obtained from NHS Digital by the Parliament Street think tank.

This flood of attempting phishing attacks came during arguably the most precarious time for the NHS during the coronavirus crisis, with the number of phishing attempts dropping off in the following months.

Staff reported 8,085 malicious emails during April, followed by 5,883 reports in May and 6,468 in June. During the first two weeks of July, the latest period for which data is available, staff reported 1,484 to the NHS spam reporting inbox.

"This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care," said chief information security officer at NHS Digital, Neil Bennett.

“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.

“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe.”

The scale of attacks has rendered some modest success for cyber criminals, with NHS Digital confirming in June that 113 NHSmail inboxes were compromised between the weekend of 30 May to 1 June.

There was no evidence to suggest patient data was compromised, and NHS Digital suggested the compromise was part of a wider credential-harvesting phishing campaign targeting a broad range of UK organisations.

The influx of phishing emails chimes with data reported by organisations like the National Cyber Security Centre (NCSC), which received more than a million reports of email scans in just two months.

The likes of Google have also warned against a spike in phishing, with findings in April suggesting that approximately £2 million had been lost to coronavirus-related fraud in the UK alone.

Related Resource

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

The UN has similarly warned against a 350% surge in phishing websites since the start of 2020, with criminals exploiting the disruption and economic hardships caused by COVID-19.

“The wealth of personal and financial data stored in NHS inboxes is a goldmine to potential hackers, who will use email scams to trick doctors, nurses, and frontline workers inadvertently handing over private information,” said Barracuda Networks’ SVP International, Chris Ross, comment on the news.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber defence weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber threat facing them.”

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

Amazon and Microsoft join NHS project battling pandemic
Business operations

Amazon and Microsoft join NHS project battling pandemic

27 Mar 2020
Critical NHS cyber security checks suspended due to coronavirus response
cyber security

Critical NHS cyber security checks suspended due to coronavirus response

19 Mar 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
Google takes on Zoom with launch of Meet hardware
video conferencing

Google takes on Zoom with launch of Meet hardware

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020