Some 113 NHS email accounts were compromised by phishing emails last month, the NHS has admitted.
The attack came amid a large-scale, ongoing phishing campaign across the UK targeting multiple sectors.
Because a breach of any kind on NHS endpoints could expose sensitive data such as patient medical records, the incident is being treated as a serious concern; all affected accounts have been isolated.
A spokesperson for NHS Digital played down the incident, saying: “There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre, who are investigating a widespread phishing campaign against a broad range of organisations across the UK.”
To mitigate the risk to its patients and employees, the NHS has worked with the NCSC to implement new security guidelines across the organisation.
Using a range of security techniques, from reducing the organisation’s overall reliance on passwords to implementing multi-factor authentication and single sign-on, the NHS has seen a 94 percent decrease in phishing incidents within the last year.
The NCSC issued a warning in 2018 about a campaign that has continued to this day, with a sharp spike of attacks again noted in October 2019.
The agency said at the time: “The NCSC is aware that victim accounts have been compromised without a user actually entering any credentials. It is possible that the actor has used password spraying to gain access.
“Following compromise, the actors access the accounts remotely (via IMAP) to monitor the victim mailbox and observe the sent items. The account is then accessed a second time to disseminate this phishing email further (via SMTP), using the victim’s address book identified in the previous access.”
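The NCSC's description of the campaign (password spraying, then IMAP access to the mailbox, then SMTP dissemination) maps onto two checks a mail administrator can run over authentication and submission logs. The following is an added example, not code from the article, the NHS or the NCSC; it assumes a simplified, constructed log format and illustrative thresholds.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed mail log (not real NHS/NCSC data): one IP fails against three accounts, succeeds on a fourth, then mails out as that user.
SAMPLE_LOG = """\
2019-10-03T08:00:01 auth imap user=alice src=203.0.113.7 result=fail
2019-10-03T08:00:03 auth imap user=bob src=203.0.113.7 result=fail
2019-10-03T08:00:05 auth imap user=carol src=203.0.113.7 result=fail
2019-10-03T08:00:07 auth imap user=dave src=203.0.113.7 result=ok
2019-10-03T08:01:11 send smtp user=dave src=203.0.113.7 rcpt=12
2019-10-03T08:01:12 send smtp user=dave src=203.0.113.7 rcpt=25
2019-10-03T09:15:00 auth imap user=erin src=198.51.100.4 result=ok
"""
LINE_RE = re.compile(r"^(\S+) (auth|send) (imap|smtp) user=(\S+) src=(\S+) "
                     r"(?:result=(\S+)|rcpt=(\d+))$")

def parse(log):
    """Turn log text into event dicts; lines that do not match the format are skipped."""
    events = []
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        ts, kind, proto, user, src, result, rcpt = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "kind": kind, "proto": proto,
                       "user": user, "src": src, "result": result, "rcpt": int(rcpt or 0)})
    return events

def spray_sources(events, window=timedelta(minutes=5), min_users=3):
    """Spraying signal: one source IP failing against many distinct accounts in a short window."""
    fails = defaultdict(list)
    for e in events:
        if e["kind"] == "auth" and e["result"] == "fail":
            fails[e["src"]].append((e["ts"], e["user"]))
    hits = {}
    for src, items in fails.items():
        t0 = min(t for t, _ in items)
        hits[src] = len({u for t, u in items if t - t0 <= window})
    return {src: n for src, n in hits.items() if n >= min_users}  # {src: accounts hit}

def imap_then_smtp_burst(events, window=timedelta(minutes=10), min_rcpts=30):
    """NCSC pattern: an IMAP login followed by a large SMTP recipient volume from the same source."""
    flagged = {}
    for login in events:
        if (login["kind"], login["proto"], login["result"]) != ("auth", "imap", "ok"):
            continue
        sent = sum(e["rcpt"] for e in events
                   if e["kind"] == "send" and e["user"] == login["user"] and e["src"] == login["src"]
                   and timedelta(0) <= e["ts"] - login["ts"] <= window)
        if sent >= min_rcpts:
            flagged[login["user"]] = sent  # {user: recipients mailed after the IMAP login}
    return flagged
```

Real deployments would tune the windows and thresholds to the organisation's baseline and correlate the source IP against known user locations, since a single user's own IMAP client followed by ordinary mail volume must not fire.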