NHS reported tens of thousands of malicious emails in one month

Data from NHS Digital has revealed the health service received tens of thousands of malicious emails in just in one month during the height of the coronavirus pandemic.

An FOI request from think tank, Parliament Street, revealed the NHS received nearly 30,000 malicious emails in March and April 2020.

Some 21,188 malicious emails were reported to the official NHSmail reporting address between 1 and 31 March, 8,085 during April before beginning to decline with 5,883 in May, 6,468 in June and 1,484 in the first two weeks of July.

Neil Bennett, chief information security officer at NHS Digital, said: “This is an unprecedented time for the NHS, including the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure to support the delivery of safe patient care.

“Globally, there has been an increase in cyber security threats since the coronavirus (Covid-19) pandemic started – the National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have previously warned that organisations involved in the response to coronavirus have been targeted.

“As part of NHS Digital’s cyber security operations, we collaborate with all areas of the system to ensure they are aware of potential threats. This includes highlighting the need for staff to report suspicious emails by raising awareness through our Keep I.T. Confidential campaign. We have also published additional advice and guidance for NHS staff around cyber security while remote working.

“We see staff reporting suspicious emails to us as a good thing and the rise in reporting shows that NHS staff are taking seriously their responsibilities to keep information safe.”

NHS Digital also said it has published guidance on home working and said it runs the Keep I.T. Confidential campaign.

More information on cyber security threats during coronavirus and support from NHS Digital can be found here