GPs warned on NHSmail phishing attacks

GP practices have been advised to watch out for phishing attacks on NHSmail after reports from two users of bogus attempts to obtain their username and password.

The BMA’s General Practitioner Committee issued advice to practices following the incident on 5 March.

A spokesperson for Connecting for Health said the incident was not a generalised phishing attack against NHSmail.

A statement issued to EHI Primary Care by Connecting for Health stated: “If the e-mail had been sent to all accounts, our e-mail hygiene and security measures would have detected it as spam. We did have reports from two users, who reported receiving bogus requests for their names and passwords from a source outside the NHS pretending to be the ‘NHS.net team’.

However, they did not respond to the attack. No patient data has been compromised at all.”

CfH said that following the reports the NHSmail team and supplier identified the location of the sender and blocked it. “Other technical measures have also been put in place to detect and deter these attacks,” the statement adds.

The CFH NHSmail team also issued an all user broadcast message after the phishing was detected. It stated: “A number of NHSmail users have recently received an email fraudulently claiming to be from the NHSmail team. The email asks users to send their name and password to an email address. Under no circumstances should you respond to any email or other form of communication requesting your password.

As an NHSmail user you will never be asked to reveal your password and any request to do so should be regarded as attempted identity theft.”

The GPC said all GPs and their staff should remember to watch out for any similar attacks, and report any such emails as soon as they see them.