Hackers hit NHS watchdog with 20,000 email attacks every month

NHS regulator reveals it receives around 20,000 hostile email attacks every month, including malware, phishing and spam emails, according to newly released data

by Patrick Sullivan, Political Editor on 10 March 2021 14:33


The Care Quality Commission (CQC), the independent regulator of all health and social care services in England, has been bombarded by nearly 60,000 malicious email attacks over the last 3 months (December 2020 – February 2021), accounting for an average of nearly 20,000 attacks per month in this time period, according to official figures.

This data was obtained via a Freedom of Information (FOI) Act request from a Parliament Street think tank and revealed that January 2021 was the busiest month for malicious email attacks, with 20,486 recorded. This was closely followed by February, at 18,501 recorded cases, and finally December 2020, at 17,587 cases.

The data provided by CQC was broken down by the types of attack it faced each month. By far the most common form of attack was phishing, which accounted for 94 per cent of all recorded attacks (52,905): 16,387 in December, 18,865 in January, and 17,653 in February. CQC also recorded 2,311 total instances of malware (808 in December, 959 in January and 544 in February) as well as 1,358 cases of spam (392 in December, 662 in January and 304 in February).

This news arrives just a few weeks after it was revealed that NHS staff had been targeted by 140,000 malicious emails throughout 2020.

Experts have suggested that this spike in cyber crime activity could be due to scammers attempting to take advantage of the vaccination rollout programme, which officially kicked off in the UK in December 2020, and picked up momentum for mass rollout in January 2021.

Chris Ross, SVP Sales International at Barracuda Networks, told The Commentator: “Over the last 12 months, cyber criminals have increasingly exploited the Covid-19 pandemic by using carefully tailored phishing emails to trick remote employees into handing over confidential data and personal information. Our recent research even revealed a 26 per cent spike in vaccine related phishing activity since October 2020.

“Due to its association with the NHS and the vaccination programme, scammers have clearly identified the CQC as a hot target for valuable data and will continue to send malicious email attacks to employees until sensitive information or log-in credentials are leaked – once compromised, data can then be sold on the black market, or used to hold the organisation to ransom.

“Combatting this threat requires companies to introduce mandated training initiatives to help staffers identify suspicious email activity, and respond to it responsibly and securely. Organisations in high risk sectors should also adopt AI-enabled email defence software, which will flag and block sophisticated spear-phishing attacks from even entering any given inbox, reducing the risk that human error poses to data security,” added Ross.
