Official figures from NHS Digital show that NHS staffers were hit by 137,476 malicious emails last year.
The data, obtained under the Freedom of Information Act by the Parliament Street think tank, revealed that NHS staff reported 27,958 suspected phishing emails targeting the NHSmail email service in 2020. Additionally, health workers reported 109,491 suspected spam emails throughout the year.
The highest month for reported attacks was January (29,355) followed by March (28,855), the latter being when the strictest COVID-19 lockdown restrictions were introduced in the UK last year.
Interestingly, the figures highlighted a steady decline in the number of suspicious emails reported to NHS Digital from April to December, decreasing from 11,068 in April down to 4382 in December.
Chris Ross, SVP, international, Barracuda Networks, commented: “These figures are a reminder that when it comes to stealing confidential data and wreaking havoc, cyber-criminals still consider our health service to be fair game. Unfortunately, these scam emails are often incredibly realistic, lulling the victim into a false sense of security to hand over passwords, patient records and sensitive information by impersonating legitimate brands and even fellow employees.”
With the global pandemic putting a huge strain on hardworking doctors, nurses and clinical staff, it’s absolutely vital that email systems are properly protected from outsider threats, to block malicious emails before they reach the inbox, he added.
“It is equally important for Trusts to issue the necessary guidance about the risks associated with phishing attacks, so that staff are aware of the techniques used and can think twice before handing over important information to suspicious third parties.”