NHS Is Hit by Another Cyberattack That Left Over 100 Email Accounts Exposed
The coronavirus pandemic has put the healthcare systems of countries all across the world to the test. The lives of millions of people are on the line, and for once, the actions of certain hackers led us to believe that behind the Guy Fawkes masks and underneath the black hoodies, there are actual human beings. In March, the operators of several major ransomware families promised to stop the attacks on hospitals and healthcare organizations for the period of the crisis. Unfortunately, other groups of cybercriminals see no problem in hitting the people who are on the front line against the nasty virus.
Last week, the UK's National Health Service (NHS) announced that instead of concentrating all its efforts on ensuring people's well-being during the pandemic, it's recently been forced to deal with a cyberattack that resulted in the compromise of 113 email accounts. The addresses belong to NHS employees, and between May 30 and June 1, the hackers used them to send spam to recipients outside the Service, the announcement reads.
The attackers didn't target the NHS specifically
Aiming an attack at the NHS at this time is inappropriate at best, but it must be said that the hackers' efforts weren't specifically concentrated on the UK's healthcare system. The NHS says that the attack was part of a massive phishing campaign that has been disrupting the work of a number of different British organizations. The National Cyber Security Centre (NCSC) issued an alert about it eight months ago.
According to the NCSC, the campaign is massive, and it is hitting organizations of all shapes and sizes, regardless of the sector they're working in. The only goal is to harvest email login credentials, and it appears to be doing it rather effectively.
Once they compromise an email account, the hackers go through its address book and send simple phishing emails to selected entries. In most cases, the recipients are told that there's a notification for them and are given links which lead to phishing pages. The emails are not particularly convincing, but by sending them from legitimate addresses, the crooks are improving their chances of success.
Most of the effort has gone into the phishing pages. The phishers have created a large set of them, and depending on the target, they are choosing which one to send. The fake login form contains the victim organization's logo, which makes it much more convincing. After a user has given away their credentials, the crooks log into their email account, rummage through the victim's address book, and repeat the process.
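The pattern described in the two paragraphs above (a legitimate internal mailbox suddenly mailing many outside contacts with a link to a login page hosted elsewhere) is something a mail administrator can look for in outbound gateway logs. The script below is an added example, not tooling from the NHS or the NCSC; it assumes a simplified log format (timestamp, sender, recipient, URLs seen in the body), constructed domain names, and thresholds chosen for illustration:

```python
"""Flag internal mailboxes that behave like a hijacked account sending phishing.

Added example (not NHS or NCSC tooling). Two signals are combined:
  * a sender addresses many distinct *external* recipients inside one time window, and
  * those messages carry links whose host lies outside the organisation's own domains.
Either signal alone is noisy (newsletters, vendor threads); both together match the
campaign described in the article.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

ORG_DOMAINS = {"example-trust.nhs.uk"}      # constructed; the defender's own mail domains
WINDOW = timedelta(hours=1)                   # assumed detection window
MIN_EXTERNAL_RECIPIENTS = 5                   # assumed thresholds, tune per organisation
MIN_FOREIGN_LINK_MESSAGES = 3

# Constructed outbound-gateway log, one message per line:
#   <ISO timestamp> <sender> <recipient> <space-separated URLs found in body, or "-">
SAMPLE_LOG = """\
2020-05-30T08:01:12 alice@example-trust.nhs.uk bob@example-trust.nhs.uk -
2020-05-30T08:02:40 alice@example-trust.nhs.uk pat@supplier.example.net https://docs.example-trust.nhs.uk/report
2020-05-30T09:10:03 mallory@example-trust.nhs.uk c1@council.example.org https://notify-login.example-phish.test/view
2020-05-30T09:10:05 mallory@example-trust.nhs.uk c2@charity.example.org https://notify-login.example-phish.test/view
2020-05-30T09:10:09 mallory@example-trust.nhs.uk c3@partner.example.net https://notify-login.example-phish.test/view
2020-05-30T09:10:14 mallory@example-trust.nhs.uk c4@gp.example.co.uk https://notify-login.example-phish.test/view
2020-05-30T09:10:21 mallory@example-trust.nhs.uk c5@pharma.example.com https://notify-login.example-phish.test/view
2020-05-30T09:10:30 mallory@example-trust.nhs.uk c6@lab.example.org https://notify-login.example-phish.test/view
2020-05-30T10:00:00 carol@example-trust.nhs.uk v1@vendor.example.com -
2020-05-30T12:30:00 carol@example-trust.nhs.uk v2@vendor.example.com -
2020-05-30T15:00:00 carol@example-trust.nhs.uk v3@vendor.example.com -
2020-05-31T09:00:00 carol@example-trust.nhs.uk v4@vendor.example.com -
2020-05-31T11:00:00 carol@example-trust.nhs.uk v5@vendor.example.com -
2020-05-31T09:00:00 pat@supplier.example.net alice@example-trust.nhs.uk https://evil.example-phish.test/x
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def _in_domains(name, org_domains):
    """True when a host or mail domain is one of ours or a subdomain of one."""
    name = name.lower()
    return any(name == od or name.endswith("." + od) for od in org_domains)


def is_internal(address, org_domains=ORG_DOMAINS):
    """Classify a mail address by its domain part."""
    return _in_domains(address.rsplit("@", 1)[-1], org_domains)


def foreign_link_hosts(urls, org_domains=ORG_DOMAINS):
    """Hosts of links that point outside the organisation's own domains."""
    hosts = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host and not _in_domains(host, org_domains):
            hosts.append(host)
    return hosts


def parse_log(text):
    """Parse the constructed log format into time-sorted event dicts."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts, sender, rcpt, urls = match.groups()
        events.append({
            "ts": datetime.fromisoformat(ts),
            "sender": sender.lower(),
            "rcpt": rcpt.lower(),
            "urls": [] if urls.strip() == "-" else urls.split(),
        })
    events.sort(key=lambda e: e["ts"])
    return events


def find_suspicious_senders(events, org_domains=ORG_DOMAINS, window=WINDOW,
                            min_recipients=MIN_EXTERNAL_RECIPIENTS,
                            min_link_messages=MIN_FOREIGN_LINK_MESSAGES):
    """One alert per internal sender whose outbound mail to external recipients,
    within any single window, trips both thresholds. Inbound mail is ignored."""
    outbound = defaultdict(list)
    for ev in events:
        if is_internal(ev["sender"], org_domains) and not is_internal(ev["rcpt"], org_domains):
            outbound[ev["sender"]].append(ev)

    alerts = []
    for sender, evs in outbound.items():
        best, start = None, 0
        for end in range(len(evs)):                 # sliding window over sorted events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            recipients = {e["rcpt"] for e in span}
            hosts, link_messages = set(), 0
            for e in span:
                foreign = foreign_link_hosts(e["urls"], org_domains)
                if foreign:
                    link_messages += 1
                    hosts.update(foreign)
            if len(recipients) >= min_recipients and link_messages >= min_link_messages:
                if best is None or (len(recipients), link_messages) > (
                        best["external_recipients"], best["link_messages"]):
                    best = {"sender": sender,
                            "window_start": span[0]["ts"].isoformat(),
                            "window_end": span[-1]["ts"].isoformat(),
                            "external_recipients": len(recipients),
                            "link_messages": link_messages,
                            "foreign_hosts": sorted(hosts)}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_senders(parse_log(SAMPLE_LOG)):
        print(alert)
```

In the constructed sample only `mallory@` trips the rule: six outside recipients in under a minute, every message carrying the same off-domain login link. `carol@` reaches five vendors too, but spread over two days and without links, so the window keeps her out; `alice@` links only to an internal host. The point of requiring both signals is to keep the alert rate low enough that a response team can act on each hit, typically by forcing a credential reset and reviewing the mailbox's recent activity.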
Although the NCSC issued its alert in October, when it noticed a spike in activity, the campaign has been running since July of last year, and it has probably already affected quite a few organizations and employees.
Compromising NHS email accounts could lead to a data breach
As we mentioned already, for the time being, the crooks appear to be interested in victims' email credentials only, but we should note that by compromising inboxes in such a wide range of organizations, they could get their hands on some pretty sensitive information. The 113 NHS accounts, for example, probably contained personal and health-related data of patients in the UK. In fact, the NHS must check whether any information of this nature might have been accessed, and it should notify potentially affected patients.
Not the first cybersecurity incident around the NHS
In May 2017, the WannaCry ransomware hit organizations all around the world, and the NHS was one of its biggest victims. The outbreak disrupted the work of hospitals and healthcare institutions across the UK, and it really should have served as a reminder of how important cybersecurity is. Despite this, in July 2019, more than two years after the attack, the UK Government revealed that more than 2,000 NHS computers were still running the long-obsolete and woefully insecure Windows XP.
The recent hijacking of 113 email accounts wasn't dependent on old software, but it showed that NHS employees are susceptible to phishing attacks, and it was yet another cybersecurity incident for the Service. If it's to be the last one, the NHS must start thinking about addressing such issues.