NHS warned of new WannaCry cyber scam

NHS Digital’s cyber security team sent an alert to NHS IT departments on Thursday afternoon, warning of a “widespread phishing email campaign which has been delivered to multiple NHS organisations”.

Phishing is a scam where emails are sent, often en mass, to trick the recipient into sending money or revealing sensitive personal information. 

The phishing email sent to NHS organisations claims that the recipient’s computer is infected with the ransomware known as WannaCry, the same computer virus behind the worst cyber attack in NHS history in May last year.

To remove the infection, recipients were asked to send online current Bitcoin to another email address.

NHS Digital’s alert said it was not aware of any genuine fresh WannaCry infections in the NHS, and it believed the email was a scam to extract money.

Any recipient of the scam email was told to ignore its demands.

A NHS Digital spokeswoman told HSJ the email was a “low-sophistication attack asking for payment without any technical reason to do so.

“No one has paid it and the number of organisations who have reported it are fewer than five.”

NHS IT systems are bombarded with a daily stream of low-level cyber security threats, the vast majority of which are caught before they can disrupt patient services.

Concerns about cyber security in the NHS have grown since the global WannaCry attack, in which more than 80 NHS trusts and hundreds of GP practices were disrupted, leading to ambulance diversions and thousands of appointments being cancelled.

Reviews and inspections following that attack have revealed poor levels of cyber security preparedness within NHS organisations overall and prompted the shift of at least £175m of central funding into improving basic IT security across the system.