NHS Digital statement on NHSmail phishing incident

An NHS Digital spokesperson said:

“We are aware that 113 NHSmail mailboxes were compromised and sent malicious emails to external recipients between Saturday 30 May and Monday 1 June 2020.

“There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre, who are investigating a widespread phishing campaign against a broad range of organisations across the UK. This has affected a very small proportion of NHS email accounts.

“We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect.

“We have worked with the organisations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals.”

Notes to editors

To date, 113 mailboxes have been found to be compromised on the NHSmail network. This represents around 0.008% of the accounts in the network. This has not been a targeted cyber attack, but a global phishing campaign designed to cast a wide net.

The NCSC has confirmed that this activity is part of a widespread credential-harvesting phishing campaign that is targeting a broad range of organisations across the UK. Further details can be found here.

All affected individuals will have received an email from us by Tuesday 16 June 2020.

We continue to monitor all 1.41 million NHSmail accounts for suspicious activity and evolving security threats, and proactively take steps to ensure the safety of patient data to the high standards that NHSmail users expect.

In the past year, there has been a 94% decrease in phishing emails sent to NHSmail accounts due to a range of steps we have taken, and in summer 2019 we also implemented a new password approach that follows National Cyber Security Centre guidelines.

Last edited: 19 June 2020 11:17 am