Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

NHS email service fooled users in phishing attack

Written by  Jun 12, 2020

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a generic phishing attack and sent malicious emails out to external recipients over the last weekend of in May 2020.

The incident, which has been reported to the National Cyber Security Centre (NCSC), affected a total of 113 NHSmail accounts, which is approximately 0.008% of the total number of accounts on the network.

“We are aware that 113 NHSmail mailboxes were compromised and sent malicious emails to external recipients between Saturday 30 May and Monday 1 June 2020,” an NHS Digital spokesperson told Computer Weekly.

“There is currently no evidence to suggest that patient records have been accessed. We are working closely with the NCSC, which is investigating a widespread phishing campaign against a broad range of organisations across the UK. This has affected a very small proportion of NHS email accounts.

Phishing ServiceAlso see: What is Phishing?

“We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect,” they said.

“We have worked with the organisations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals.”

It is understood that this particular attack did not target the NHS per se, and nor is it necessarily related to cyber criminal activity coalescing around the Covid-19 coronavirus pandemic – rather it came about as the result of a global phishing campaign casting a wide net to ensnare as many organisations as possible.

The NCSC, which acknowledged it was assisting NHS Digital in the wake of the incident. Targets are quite easily compromised because the email will come from a legitimate email account, known to the target, which has been compromised, and its subject lines will often mirror the most recent genuine email exchange between the two, making the phishing email seem more plausible.


The more recent variants being seen towards the end of 2019 also sometimes included the compromised user’s address book entry for the recipient of the email. The email body texts tend to consist of a black ellipsis on a grey highlighted background, with a single hyperlinked sentence underneath. The most commonly received emails tended to say nothing more than “Notification received Open notification”, or a few minor variants on that text.

The health service pointed out thanks to a number of cyber security improvements put in place in the wake of the WannaCry incident, including a new password policy for users, NHSmail accounts had actually seen a 94% decrease in phishing emails in the past 12 months.

honeywell evohomeAlso see: UK Government plans to boost security of consumer smart devices

The NHSmail service has a strict set of standards governing its security, laid out under section 250 of the Health and Social Care Act of 2012, details of which are available to the public. It establishes acceptable usage policies, includes an encryption service for sensitive data, and contains strict password hygiene guidelines. NHS Digital also conducts proactive account monitoring and receives current threat intelligence through its security operations centre (SOC).

NHS Digital has stepped up monitoring of its other email accounts, numbering well over a million, for any further evidence of suspicious activity and said affected users will be contacted on or by 16 June.

Amanda Dresler

A very experienced freelance tech journalist who now prefers to work from home and has such a broad range of knowledge accrued over the years, we would not cope without her influence and ideas.


Popular Cyber News

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 16, 2020 Cyber Security

Cybersecurity lessons to be learnt from the Pandemic

It may not be obvious, but the spread of information on computer networks is like disease processes. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 06, 2020 Cyber Security

Phishing attacks on companies using PBX systems increases dramatically

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Apr 13, 2020 Cyber Security

Under half of UK businesses provide cybersecurity training: Kapersky

If businesses want to seriously wan to reduce he risk of data breaches and remains secure, they must commit to employee ...

Apr 17, 2020 Cyber Security

SonicWall launches boundless cyber security platform

SonicWall has released a new boundless cyber security platform to protect companies and government agencies remote workf...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Symantec Home 120x60