NHS staff reported a wave of malicious emails at the height of the UK’s Covid-19 crisis in March and April 2020, according to Freedom of Information (FoI) data obtained by the Parliament Street think tank from NHS Digital.
The data revealed that 21,188 malicious emails were reported to the official NHSmail reporting address between 1 and 31 March 2020, and 8,085 during April, before beginning to taper off, with 5,883 reports in May, 6,468 in June, and 1,484 in the first two weeks of July.
Because the data covers only those emails that were reported, the true scale of email attacks on the NHS is almost certainly much higher.
Of particular concern, reported Parliament Street, were a number of payroll attacks in which NHS staff were lured into clicking on a malicious link to verify their personal details and receive their salaries. At one point, it said, the St Helens and Knowsley Teaching Hospitals NHS Trust on Merseyside took the step of warning staff about scam emails sent to HR and payroll departments that impersonated employees and asked to have their bank account details changed.
Absolute Software vice-president Andy Harcup said: “With many healthcare workers and back office support staff dispersed due to lockdown and social distancing restrictions, it’s no surprise that malicious hackers are seeking to cash in on the Covid-19 crisis.
“Increasingly, we’re seeing a variety of sophisticated attacks targeting email inboxes of people working from home, often using personal devices that fraudsters believe are poorly protected.
“These figures are a reminder of the risks posed to the NHS by malicious cyber criminals and it’s essential that IT chiefs ensure the entire fleet of mobile devices in use are completely secure, with encryption turned on and the ability to wipe or freeze laptops in the event of theft or loss.”
Chris Ross, Barracuda Networks international senior vice-president, described the data stored in the average NHSmail inbox as a goldmine for cyber criminals who were more than willing to exploit stressed and overworked clinical staff so that they inadvertently hand over their own or patient data.
“Our recent research revealed that there has been a spike in cyber criminals using official email domains, such as Gmail and Yahoo, to bypass inbox defences and trick users into revealing personal details by impersonating a colleague, manager, or trusted partner.
“This is why it is essential that organisations, especially those that manage significant quantities of sensitive information, invest in inbox defence software which leverages artificial intelligence to identify unusual senders and requests,” he said.
Ross added that the NHS had done an excellent job in addressing its cyber security weaknesses in the wake of the devastating WannaCry incident three years ago, but said it was important that this newfound resilience was maintained.
Back in June, NHS Digital reported that more than 100 of its NHSmail accounts were compromised and used to send malicious emails to external recipients.
NHS Digital CISO Neil Bennett said: “This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care.
“Globally, there has been an increase in cyber security threats since the coronavirus (Covid-19) pandemic started – the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have previously warned that organisations involved in the response to coronavirus have been targeted.
“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep IT Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.
“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe,” he said.