NHS hit with wave of scam emails at height of COVID-19 pandemic

NHS Digital said its cybersecurity teams were working hard to keep patient data secure as attackers continued to target under-pressure services.

NHS staff were hit with a wave of malicious email attacks at the height of the COVID-19 pandemic, with doctors, nurses and other key workers reporting over 40,000 spam and phishing attacks between March and the first half of July.

Data from NHS Digital, obtained through a Freedom of Information request by the UK think tank Parliament Street, revealed that NHS staff reported 21,188 malicious emails in March alone. In April, 8,085 emails were reported by staff, with 5,883 reported in May, 6,468 in June and 1,484 in the first half of July.

The data only includes emails that were reported to spamreports@nhs.net – the official NHSmail reporting address – meaning the actual number of attempted email attacks on the NHS is likely to be higher.

Neil Bennett, chief information security officer at NHS Digital, said the increase in reporting showed that NHS staff were "taking seriously their responsibilities to keep information safe".

Bennett said: "This is an unprecedented time for the NHS, including the cybersecurity and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care. 

"As part of NHS Digital's cybersecurity operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign."

The global pandemic has brought with it a sharp increase in the number of coronavirus-related cyberattacks from criminals looking to exploit the widespread confusion and uncertainty the pandemic has created.

Both the UK's National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have warned that under-pressure services involved in the response to coronavirus have been targeted.

In June, NHS Digital reported that more than 113 NHSmail mailboxes had been compromised and used to send malicious emails to external recipients.

St Helens and Knowsley Hospitals NHS Trust issued a warning to staff about scammers that were impersonating employees and sending emails to HR and payroll departments, asking them to change the bank accounts their salaries were paid into.

The hospital warned of additional phishing attacks that invited employees to click on malicious links to verify their details and ensure they received their paycheck.

Jake Moore, cybersecurity specialist at ESET, warned that the NHS faced a second wave of attacks once information around potential vaccines for COVID-19 started to surface, with the current work-from-home scenario making the situation particularly problematic.

"Many people are still working from home in the NHS, and must remain vigilant to the constant threats," Moore added.

"As phishing emails continue to be the most prominent vehicle to infiltrate or disrupt systems, I would urge staff to verify every email they receive."

Bennett said that NHS Digital had published additional advice and guidance for NHS staff around cybersecurity best practice while working remotely.