Cyber criminals deluged NHS staffers with a total of 137,476 rogue emails last year, according to official figures from NHS Digital, the technology provider for the national health service.

The total could be far higher though, as the data obtained under the Freedom of Information Act by the Parliament Street think tank is based on reported cases by NHS staff to NHS Digital using report buttons on email accounts - not all staff bother using them.

Of the reported cases, doctors, nurses and admin staff were sent 27,958 suspected phishing emails targeting the NHSmail email service, designed to lure the recipient into handing over confidential data.

Additionally, health workers reported 109,491 suspected spam emails throughout the year.

The data shows that January 2020 was the highest month for combined phishing and spam emails - - before the pandemic took hold - with 29,355 in total, made up of 4,895 phishing attempts and 24,460 spam reports.

The next highest month was the peak of UK lockdown restrictions in March, with 28,855 emails reported. But this was the peak month for potentially more damaging phishing - 5,749 phishing attacks and 23,106 spam reports.

The period from April to December saw a steady decline in the number of suspicious emails reported to NHS Digital, decreasing from 11,068 in April, down to a yearly-low of 4,382 in December.

Despite these lower figures though, in June 2020, NHS Digital revealed that more than a hundred NHSmail mailboxes had been compromised and were sending malicious emails to external recipients.

Chris Ross, international senior vice president at security vendor Barracuda Networks, said: “These figures are a reminder that when it comes to stealing confidential data and wreaking havoc, cyber criminals still consider our health service to be fair game.

“It’s absolutely vital that email systems are properly protected from outsider threats - to block malicious emails before they reach the inbox.”

Share Story: