NHS flooded with 40,000 spam emails during coronavirus crisis


NHS staff reported being inundated with 43,108 malicious emails during since the coronavirus crisis took shape this year, with half of these phishing attacks landing in inboxes during March alone.

A staggering 21,188 malicious emails targeted NHS workers during March and were reported to spamreports@nhs.net, according to Freedom of Information (FOI) data obtained from NHS Digital by the Parliament Street think tank.

This flood of attempting phishing attacks came during arguably the most precarious time for the NHS during the coronavirus crisis, with the number of phishing attempts dropping off in the following months.

Staff reported 8,085 malicious emails during April, followed by 5,883 reports in May and 6,468 in June. During the first two weeks of July, the latest period for which data is available, staff reported 1,484 to the NHS spam reporting inbox.

"This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care," said chief information security officer at NHS Digital, Neil Bennett.

“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.

“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe.”

The scale of attacks has rendered some modest success for cyber criminals, with NHS Digital confirming in June that 113 NHSmail inboxes were compromised between the weekend of 30 May to 1 June.

There was no evidence to suggest patient data was compromised, and NHS Digital suggested the compromise was part of a wider credential-harvesting phishing campaign targeting a broad range of UK organisations.

The influx of phishing emails chimes with data reported by organisations like the National Cyber Security Centre (NCSC), which received more than a million reports of email scans in just two months.

The likes of Google have also warned against a spike in phishing, with findings in April suggesting that approximately £2 million had been lost to coronavirus-related fraud in the UK alone.


Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future


The UN has similarly warned against a 350% surge in phishing websites since the start of 2020, with criminals exploiting the disruption and economic hardships caused by COVID-19.

“The wealth of personal and financial data stored in NHS inboxes is a goldmine to potential hackers, who will use email scams to trick doctors, nurses, and frontline workers inadvertently handing over private information,” said Barracuda Networks’ SVP International, Chris Ross, comment on the news.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber defence weaknesses, however, it’s important that they maintain this resilience and constantly keep up with the developing cyber threat facing them.”

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.