NHS workers hit with more than 40,000 scam emails during COVID-19

Cybercriminals take advantage of coronavirus crisis to target NHS staff

Posted 12 August 2020 by Christine Horton

NHS staff have been hit with a total of 43,108 scam emails during the COVID-19 outbreak, according to official figures.

The data from NHS Digital was obtained by the Parliament Street think tank under a Freedom of Information (FOI) request.

It revealed that doctors, nurses and support staff reported a staggering 21,188 malicious emails, including spam and phishing attacks, to spamreports@nhs.net, the official NHSmail reporting address, at the start of the crisis in March.

In April there were 8,085 reports, in May 5,883 and 6,468 in June, followed by 1,484 in the first half of July.

In June, NHS Digital said that more than a hundred NHSmail mailboxes had recently been compromised and used to send malicious emails to external recipients. The phishing incident took place between 30 May and 1 June, compromising 113 mailboxes.

In Merseyside, more than 45 different fake websites, with many more fake coronavirus phishing emails still in circulation.

St Helens and Knowsley Hospitals NHS Trust issued a warning to staff that criminals have used phishing attacks to target changes to the bank accounts that staff members have their salaries paid into, by impersonating employees in emails to HR and Payroll.

The newsletter warned that further NHS payroll phishing attacks have invited employees to click on a link to verify their details and ensure they receive payment. It is advised that “Organisations should undertake checks to ensure staff are aware and authorise any requested changes to their bank details before those changes are made.”

In Birmingham, staff at Hockley Medical Practice issued a warning text message to thousands of patients amid fears of a potential cyberattack on patient records.


Chris Ross, SVP International at Barracuda Networks, says the wealth of personal and financial data stored in NHS inboxes is a goldmine to potential hackers.

“After the WannaCry attack of 2017, the NHS did a great job in eradicating many of its cyber defence weaknesses,” he said. “However, it’s important that they maintain this resilience and constantly keep up with the developing cyber threat facing them.”

Andy Harcup, VP at Absolute Software, says the firm is seeing a variety of sophisticated attacks targeting email inboxes of people working from home, often using personal devices.

“These figures are a reminder of the risks posed to the NHS by malicious cyber criminals. It’s essential that IT chiefs ensure the entire fleet of mobile devices in use are completely secure, with encryption turned on and the ability to wipe or freeze laptops in the event of theft or loss,” he said.