The Department of Health and Social Care (DHSC), the ministerial department responsible for the UK’s national health policy, has been targeted by almost 5 million email attacks over the past two years, according to new research.
The data was obtained under the Freedom of Information Act (FOI), and analysed by the Parliament Street think tank, observing the volume and type of email attacks blocked by the department between August 2022 and October 2024.
In total, the department faced 4,770,905 email attacks during the period, accounting for 9.31 per cent of the department’s overall email traffic.
Microsoft Edge Block accounted for 3,627,487 of the blocked attacks, making up 76 per cent of the overall threats. Spam accounted for 768,610 (16 per cent) of the blocked threats, followed by phishing with 342,169 (7 per cent).
There were also 2,649 malware threats, where harmful software hides in email attachments or links. Once opened, malware can steal sensitive personal data, damage IT systems and disrupt operations.
Despite these blocked threats, the Department of Health and Social Care reported 51,244,828 “good” mails in and out of its systems during the reporting period.
Alfie Scarborough, CEO of adCAPTCHA, said: “Healthcare organisations hold sensitive patient data, including medical records, addresses and financial details, making them high-value targets for cybercriminals. Email attacks are often launched via bot networks, which infiltrate IT systems and compromise devices to facilitate these threats. Bot networks account for 50% of global web traffic so preventing these threats requires identifying and neutralising bots to stop attacks at source.”
September 2022 was by far the busiest month for the Department of Health’s systems, blocking a staggering 619,396 email threats. The next highest during the period was 337,043.
Andy Ward, SVP International for Absolute Security, commented: “High-profile organisations are prime targets for cyber threats due to the vast amounts of data that they hold, especially in industries such as healthcare where that data is often sensitive and personal. It’s therefore critical that these organisations build a posture of cyber resilience to combat these threats, investing in both prevention and recovery technologies, implementing robust incident response frameworks, and providing staff training in order to mitigate risks.”
“An organisation is only as strong as its weakest entry point, requiring centralised IT teams to have visibility over all devices and applications to monitor for suspicious activity. When a potential breach occurs, security teams need the ability to freeze or shut down compromised systems, cutting them off from the rest of the network to prevent infiltration across the network. Having this proactive approach can stop attacks at source and limit the damage that they can cause.
