NHS email accounts hijacked for phishing campaign

Over 130 NHS email accounts were used in a phishing campaign targeting Microsoft users that spanned between October 2021 to March 2022, as detected by security platform Inky. The intrusion was identified as originating from two NHS IP addresses, indicating the source was effectively hijacked rather than a compromised server. The emails often contained document notifications linked to credential harvesting sites. The NHS responded quickly and attack rates reduced when initially reported on 13 April.