NHS Inboxes Hijacked to Send 1000+ Malicious Emails

More than 1000 phishing emails were sent from compromised National Health Service (NHS) inboxes over a six-month period ending this year, according to new research from Inky.

The email security firm claimed the campaign started around October 2021 and escalated “dramatically” in March this year, when Inky detected 1157 phishing emails originating from NHSmail inboxes.

After Inky reported its findings to the NHS on April 13, the volume of attacks originating from NHSmail inboxes fell dramatically the next day to just a “few,” the firm claimed.

Some 139 health service employees had their official email accounts individually compromised in the campaign to send out a variety of malicious messages.

“The majority were fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials. All emails also had the NHS email footer at the bottom,” Inky explained.

“Some emails impersonated Adobe and Microsoft by using their logos in phishing emails, and a few were advance-fee scams.”

However, the scale of the campaign could have been even greater, given that Inky only detected the phishing messages sent to its customers.

In response to Inky’s findings, an official NHS statement claimed that the health service has processes in place to continuously monitor for such risks.

“We address them in collaboration with our partners who support and deliver the national NHSmail service,” it added.

“NHS organizations running their own email systems will have similar processes and protections in place to identify and coordinate their responses, and call upon NHS Digital assistance if required.”

It’s unclear how the healthcare employees were compromised in the first place, although recent research from Comparitech estimated that UK public sector workers might have clicked on as many as 58,000 suspicious links last year.

When assessed per employee, NHS Digital recorded the highest number of malicious emails for 2021 at 89,353.
