BreachExchange mailing list archives
NHSmail accounts hit by phishing attack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 16 Jun 2020 09:29:58 -0500
https://www.ukauthority.com/articles/nhsmail-accounts-hit-by-phishing-attack/ Over 100 NHSmail boxes have been hit by a phishing attack, according to a statement by NHS Digital. It said 113 mailboxes were compromised and sent malicious emails to external recipients between Saturday 30 May and Monday 1 June 2020, while also stating there is no evidence of patient records having been accessed. It added that the National Cyber Security Centre (NCSC) had confirmed it was not a targeted cyber attack but a sweep to harvest user credentials. An NHS Digital spokesperson said: “We are working closely with the National Cyber Security Centre, who are investigating a widespread phishing campaign against a broad range of organisations across the UK. This has affected a very small proportion of NHS email accounts. “We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect. “We have worked with the organisations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals.” Continued monitoring The organisation said it is continuing to monitor the network of 1.41 million NHSmail accounts for suspicious activity and evolving security threats. It added that all affected individuals will have received an email from us by Tuesday 16 June 2020. The news comes shortly after it revealed that a new security layer has been integrated into NHSmail to enable external users to read encrypted messages. Earlier this year, NHS Digital announced plans to improve its security through a series of measures, including the creation of a password synchronisation micro-service to align passwords used in the NHS Directory and local active directories. NHS Digital said that in the past year there has been a 94% decrease in phishing emails sent to NHSmail accounts due to a range of steps taken. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- NHSmail accounts hit by phishing attack Destry Winant (Jun 16)