[BreachExchange] NHSmail accounts hit by phishing attack

Destry Winant destry at riskbasedsecurity.com
Tue Jun 16 10:29:58 EDT 2020


Over 100 NHSmail boxes have been hit by a phishing attack, according
to a statement by NHS Digital.

It said 113 mailboxes were compromised and sent malicious emails to
external recipients between Saturday 30 May and Monday 1 June 2020,
while also stating there is no evidence of patient records having been

It added that the National Cyber Security Centre (NCSC) had confirmed
it was not a targeted cyber attack but a sweep to harvest user

An NHS Digital spokesperson said: “We are working closely with the
National Cyber Security Centre, who are investigating a widespread
phishing campaign against a broad range of organisations across the
UK. This has affected a very small proportion of NHS email accounts.

“We are investigating this issue and have taken the precaution of
asking all mailboxes that have a similar configuration to the
compromised accounts to change their passwords with immediate effect.

“We have worked with the organisations involved to isolate affected
accounts, supported them to make any necessary changes and have
advised affected individuals.”

Continued monitoring

The organisation said it is continuing to monitor the network of 1.41
million NHSmail accounts for suspicious activity and evolving security
threats. It added that all affected individuals will have received an
email from NHS Digital by Tuesday 16 June 2020.

The news comes shortly after it revealed that a new security layer has
been integrated into NHSmail to enable external users to read
encrypted messages.

Earlier this year, NHS Digital announced plans to improve its security
through a series of measures, including the creation of a password
synchronisation micro-service to align passwords used in the NHS
Directory and local active directories.

NHS Digital said that in the past year there has been a 94% decrease
in phishing emails sent to NHSmail accounts due to a range of steps
