Brian Sims
Editor
Brian Sims
Editor
THE CARE Quality Commission, the independent regulator of all health and social care services in England, has been bombarded by nearly 60,000 malicious e-mail attacks over the last three months, accounting for an average of nearly 20,000 attacks per month in the period from December until February.
The data was obtained via a Freedom of Information Act request issued by the Parliament Street Think Tank. It reveals that January 2021 was the most popular month for malicious e-mail attacks with 20,486 episodes recorded. This was closely followed by February at 18,501 recorded cases, and finally December last year when there were 17,587 cases.
The data provided by the Care Quality Commission is also broken down by types of attacks facing the organisation each month. By far the most popular attack format was phishing, which accounted for a significant 94% of all recorded attacks (52,905). The figures for each month are 16,387 in December, 18,865 in January and 17,653 in February.
The Care Quality Commission also recorded 2,311 total instance of malware – 808 in December, 959 in January and 544 in February – as well as 1,358 cases of spam (392 in December, 662 in January and 304 in February).
This worrying news arrives just a few weeks after it was revealed that NHS staff had been targeted by 140,000 malicious e-mails throughout 2020.
Spike in cyber crime
Experts have suggested that this spike in cyber crime activity could be due to scammers attempting to take advantage of the COVID vaccination roll-out programme, which officially kicked off in the UK in December and picked up momentum for mass roll-out in January.
Chris Ross, senior vice-president of international sales at Barracuda Networks, commented: “Over the last 12 months, cyber criminals have increasingly exploited the COVID-19 pandemic by using carefully tailored phishing e-mails to trick remote employees into handing over confidential data and personal information. Our recent research even revealed a 26% spike in vaccine-related phishing activity since October last year.”
Ross continued: “Due to its association with the NHS and the vaccination programme, scammers have clearly identified the Care Quality Commission as a target for valuable data and will continue to send malicious e-mail attacks to employees until sensitive information or log-in credentials are leaked. Once compromised, data can then be sold on the black market or otherwise used to hold the organisation to ransom.”
In conversation with Security Matters, Ross concluded: “Combating this threat requires companies to introduce mandated training initiatives in order to help members of staff identify suspicious e-mail activity and respond to it both responsibly and securely. Organisations in high-risk sectors like healthcare should also adopt Artificial Intelligence-enabled e-mail defence software, which will flag and block sophisticated spear-phishing attacks from even entering any given Inbox, reducing the risk that human error poses to data security.”