spam emailsNHS staff reported more than 137,000 spam or phishing emails last year, latest figures from NHS Digital show.

Obtained under the Freedom of Information Act, NHS employees reported 27,958 suspected phishing emails targeting their email service.

The emails encouraged recipients into sending across confidential data.

In addition, NHS staff received more than 109,400 suspected spam emails throughout the year.

Phishing attacks

The highest month for reported attacks was January 2020, where more than 29,350 malicious emails entered staff mailboxes. This included 4,895 phishing attempts and 24,460 spam reports.

And the next highest month was the peak of UK lockdown restrictions in response to the COVID-19 pandemic. This saw reports of 28,855 malicious emails, made up of 5,749 phishing attacks, and 23,106 spam emails.

However, the end of 2020 saw a steady drop, falling from 11,068 in April to 4,382 in December.

‘These figures are a reminder that when it comes to stealing confidential data and wreaking havoc, cyber criminals still consider our health service fair game,’ said Chris Ross, SVP, International at Barracuda Networks.

‘Unfortunately, these scam emails are often incredibly realistic, lulling the victim into a false sense of security to hand over passwords, patient records, and sensitive information by impersonating legitimate brands and even fellow employees.’

Suspicious third parties

He added: ‘With the global pandemic putting a huge strain hardworking doctors, nurses, and clinical staff, it’s absolutely vital that we properly protect email systems from outsider threats, to block malicious emails before they reach the inbox.

‘It is equally important for trusts to issue the necessary guidance about the risks associated with phishing attacks, so that staff are aware of the techniques associated used and can think twice before handing over important information to suspicious third parties.’


Story first published on Dentistry Online.