NHS staff are being warned about a rise in spear phishing attacks on the NHS mail system, with scammers masquerading as colleagues to elicit cash.

In an email sent to staff, seen by Digital Health News, NHS Digital’s mail team said there had been an increase in “fraudulent or ‘phishing’ emails being sent to NHSmail accounts, especially within GP practices”.

These fraudulent emails come from accounts set up in the name of real people who work at GP practices, suppliers and CCGs, the email said.

These seemingly genuine accounts are then used to target colleagues, sometimes requesting the transfer of money to a UK bank account.

“These attacks can be difficult to spot as the attacker establishes an email trail and the user expects a response containing instructions, a link or an attachment to act upon.”

The email warns users not to open any attachments or links, to validate the identity of the sender through other means, such as a phone call, and to report any offending emails to the NHSmail team.
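The two patterns described above, a lookalike account registered in a real colleague's name and a genuine account whose replies are diverted elsewhere, can both be surfaced by a simple mailbox triage rule. The following is an added illustration and is not code from NHS Digital, NHSmail or Digital Health News; the staff directory, domain list, message texts and scoring weights are all constructed for the example.

```python
import re
from email.utils import parseaddr
from typing import Dict, List, Tuple

# Constructed staff directory: normalised display name -> the address the
# organisation actually issued to that person. In a real deployment this
# would be pulled from the directory service, not hard-coded.
STAFF_DIRECTORY: Dict[str, str] = {
    "jane smith": "jane.smith@nhs.net",
    "raj patel": "raj.patel@nhs.net",
}

# Hypothetical: the mail domains the organisation treats as its own.
INTERNAL_DOMAINS = {"nhs.net"}

# Phrases and layouts typical of a fund-transfer request (case-insensitive;
# the message text is lower-cased before matching).
FUNDS_PATTERNS = [
    r"\btransfer\b.{0,40}\b(funds?|money|payment)\b",
    r"\bsort code\b",
    r"\baccount number\b",
    r"\b\d{2}-\d{2}-\d{2}\b",  # UK sort code layout, e.g. 12-34-56
    r"\burgent(ly)?\b",
]


def normalise_name(name: str) -> str:
    """Lower-case a display name and strip punctuation so 'J. Smith' style
    variations still compare against the directory."""
    cleaned = re.sub(r"[^a-z0-9 ]", " ", name.lower())
    return " ".join(cleaned.split())


def assess(msg: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return a suspicion score and the reasons behind it for one message."""
    score, reasons = 0, []
    name, addr = parseaddr(msg["from"])
    addr = addr.lower()
    domain = addr.rpartition("@")[2]

    # Lookalike account: the display name belongs to a known colleague but the
    # address is not the one the organisation issued to them.
    known = STAFF_DIRECTORY.get(normalise_name(name))
    if known and known != addr:
        score += 3
        reasons.append(f"display name '{name}' matches directory but address is {addr}, not {known}")

    if domain not in INTERNAL_DOMAINS:
        score += 1
        reasons.append(f"sender domain {domain} is external")

    # Diverted replies: a compromised genuine account often sets Reply-To so the
    # conversation continues with the attacker rather than the real owner.
    reply_to = msg.get("reply-to")
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if reply_addr.lower() != addr:
            score += 2
            reasons.append(f"Reply-To {reply_addr} differs from From {addr}")

    text = f"{msg.get('subject', '')} {msg.get('body', '')}".lower()
    hits = [p for p in FUNDS_PATTERNS if re.search(p, text)]
    if hits:
        score += len(hits)
        reasons.append(f"{len(hits)} fund-transfer indicator(s) in text")
    return score, reasons


def triage(messages: List[Dict[str, str]], threshold: int = 4) -> List[Dict[str, object]]:
    """Return the messages whose score reaches the threshold, with reasons,
    so a human can verify the sender out of band (e.g. by phone) before acting."""
    flagged = []
    for msg in messages:
        score, reasons = assess(msg)
        if score >= threshold:
            flagged.append({"id": msg["id"], "score": score, "reasons": reasons})
    return flagged


# Constructed sample messages: m1 is a lookalike account, m2 and m3 are benign,
# m4 is a genuine account whose replies have been redirected.
SAMPLE_MESSAGES = [
    {"id": "m1", "from": "Jane Smith <jane.smith.practice@gmail.example>",
     "subject": "Supplier invoice",
     "body": "Hi Raj, can you transfer the payment today? Sort code 12-34-56, account number 12345678. Urgent."},
    {"id": "m2", "from": "Jane Smith <jane.smith@nhs.net>",
     "subject": "Meeting minutes", "body": "Minutes attached from this morning's meeting."},
    {"id": "m3", "from": "Acme Billing <accounts@acme-supplies.example>",
     "subject": "Invoice 1042", "body": "Your invoice is attached; payment due in 30 days."},
    {"id": "m4", "from": "Raj Patel <raj.patel@nhs.net>",
     "reply-to": "raj.patel.finance@outlook.example",
     "subject": "New account details",
     "body": "Please transfer the funds to the new account number 87654321 today, it's urgent."},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_MESSAGES):
        print(hit["id"], hit["score"], "; ".join(hit["reasons"]))
```

The rule flags m1 and m4 and leaves the routine internal message and the ordinary supplier invoice alone; the point of the reasons list is to tell the recipient which out-of-band check (a phone call to the real colleague) would settle the matter.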

NHS Digital has also listed the “social engineering targeting” attacks as an open critical incident on its NHSmail service page.

“The attacker uses the email account to target a staff member at the CCG/GP (for example a GP Practice Manager) to convince them to transfer funds to a UK bank account.”

In a statement provided to Digital Health News, an NHS Digital spokeswoman said the organisation was aware of only a “handful” of successful spear phishing attacks.

NHS staff had been alerted to this particular spate of phishing because of the “potential personal impact” of a successful attack.

“The type of spear phishing outlined in this email is very specific and is aimed at an individual user, rather than being an automated attempt to gain access to systems through spam. These approaches involve researching a potential victim.”

The NHS mail system blocked the vast majority of malicious email at a “very early stage” and there was no reason to think the NHS was being singled out by cyber criminals, she said.

“Whilst national security measures do prevent the vast majority of malicious traffic, it is prudent to remind staff of their responsibility to keep information safe, and the steps they can take to achieve this.”

NHSmail hosts about 1.2 million accounts in England, Wales and Scotland for the NHS and associated organisations.

Last year the entire service migrated to a new platform, supplied by Accenture.

However, the switch has not been without its problems.

In November, a Croydon IT consultant mistakenly sent an email to 840,000 NHS accounts because of a technical fault in the new mail service. The flood of responses generated 500 million emails in less than two hours and nearly crashed the entire system.

In December, a genuine NHSmail account was compromised and used to launch a phishing attack on thousands of NHS accounts.

NHS leaders have expressed growing concerns about the cyber security threat posed to the NHS, much of which still relies on obsolete and vulnerable IT infrastructure.

Many NHS trusts are currently reviewing their cyber resilience in the light of these warnings and several high-profile cyber attacks.

Do you have more information about this story? Contact ben@digitalhealth.net