Skip to main content

NHS email systems hit by 11m cyber attacks last year

(Image credit: Image source: Shutterstock/kpatyhka)

The National Health Service's email systems were attacked more than 11 million times in the last three years, according to new information from NHS Digital.

That’s more than 12,000 attacks a day, 500 attacks an hour, more than eight attacks every minute, for three years straight.

The numbers come courtesy of a Freedom of Information request and describes exactly the pressure NHSmail infrastructure system is facing.

NHS Digital says the NHSmail system blocked 11,352,000 email attacks. The highest ranking attacks are IP or domain reputation attacks (more than six million), followed by spam (3.6 million). A total of 852,000 incidents were recorded as anti-virus.

“It’s clear that hackers view the NHS as a top target with growing volumes of email attacks deliberately designed to fool doctors, nurses and other health service workers into handing over confidential data,” commented Andy Heather, VP at Centrify. 

“Increasingly we’re seeing cybercriminals gaining access to private information like patient records using legitimate log-in details which have been stolen or sold online. All too often this means that malicious activity remains undetected before it’s too late, so it’s vital that hospitals adopt a zero-trust approach to all user activity, ensuring every employee is verified and they are who they say they are.”

Two years ago, the NHS was one of the biggest victims of the infamous WannaCry ransomware attack, which ended up costing it more than $90 million.