A NHSmail account has been hijacked and used to launch a phishing attack to extract sensitive details from other NHS staff.
Digital Health News can reveal that a spam email was sent to thousands of NHSmail accounts on 1 December.
The email claimed to be from an “IT Support Team” and included links to phishing websites that asked the recipients to enter their “credentials and password”.
NHS Digital confirmed that email was sent from the compromised account of a real NHS staff member. The account was deactivated the same day, within an hour of NHS Digital becoming aware of the attack.
About 8,000 accounts received the email. So far there have been no reports of people falling for the phishing scam, but investigations were ongoing, an NHS Digital spokesperson said.
On 7 December, the incident remained a open as a “high severity service incident” on the NHSmail status page, with staff warned never to click on links to verify their account details.
The spokesperson said the ongoing risk was minimal but it was “not possible to state the full potential impact of phishing emails. Instances like these underline how important is for all staff to be aware of risks.”
Phishing emails usually rely on mass emails to deceive at least some of the recipients into volunteering sensitive information, such as passwords or credit card details.
Hijacking a trusted email address, such as an nhs.net email account, increases the probability that the email will not be blocked as spam and that people receiving the email will believed it is genuine.
The NHSmail system, which went through a major upgrade earlier this year, has about 1.2 million accounts. Accenture has the contract for the service, which is overseen by NHS Digital on behalf of the government.
It is not first time an NHSmail account has been compromised. Earlier this year an NHS Digital staff member fell victim to a spearfishing attack from a hacker claiming to be an old school friend, using information publicly available on social media.
In another incident in the past year, a trust’s servers were hacked and used to send 2 million spam emails.
During a speech in September, NHS Digital chief operating officer Rob Shaw said about 0.3 % of all traffic over the NHS N3 network was malicious, which was typical of other sectors, and 60% of mail sent over NHSmail was blocked.
Last year, NHS Digital established CareCERT (the Care Computing Emergency Response Team) to help improve cyber resilience across both individual trusts and the national NHS IT infrastructure.
NHS Digital is currently preparing to go out to tender for £1.5 million of additional cyber intelligence and IT services to support CareCERT.