top of page

No rest for the wicked as cyber criminals target NHS employees

NHS Digital (NHSD) has published figures that revealed NHS employees received over 137,000 malicious emails last year.

The highest number of reported attacks were recorded between January and March, with almost 60,000 phishing emails flagged. From March, the numbers took a steady decline, but figures were recorded as over 11,000 malicious emails in April and remaining high with 4,382 in December.

Every day in the UK there are over 156 million phishing emails sent, 16 million of these pass the filters that are meant to stop them, leading to 8 million phishing emails still being opened. Phishing attacks are becoming increasingly difficult to spot, so it is extremely important that your employees are all working as safely as possible.

Here is a short video highlighting the most common things to look out for to avoid becoming a victim of a phishing attack.

Employees should follow their organisational guidance, where available, on how to report suspicious emails, if this is not available you can report these to the NCSC by using the Suspicious Email Reporting Service (SERS) and suspicious text messages to Short Code 7726.

Did you know that we offer Security Awareness Training through our Student Services? Employees are a huge asset and with security awareness training your employees can become highly effective barriers to cyber-crime.

Our Security Awareness Training provides simple and effective knowledge for people to understand their environment and provides the confidence to challenge when something doesn’t look right.

The training is focused on those with little or no cyber security or technical knowledge and is delivered in small, succinct modules using real-world examples.

Awareness training is tailored to each individual audience to provide the right level of skills and context for your business. The trainers are highly knowledgeable, personable, and friendly and pride themselves on providing the right environment for your people to feel comfortable and to ask questions.

Find out more on our dedicated Security Awareness Training web page.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the West Midlands is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the West Midlands provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.


The Cyber Resilience Centre for the West Midlands does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the West Midlands is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page