Is the NHS at risk of another cyber attack during COVID-19?

Share on Social

The cyber security community fear that hackers will exploit COVD-19 for their own gain after Europol has warned about pandemic profiteering.

The National Cyber Security Centre has already reported that:

“There has been an increasing number of malicious cyber actors exploiting the current COVID-19 pandemic for their own objectives.”

Many fear that as the NHS has fallen victim to large scale cyber attack in the past, it is an easy target for cyber criminals.


Is the NHS a target?

At the beginning of April the Independent newspaper reported that the organisation is at risk of a major cyber attack as it fights against the outbreak of coronavirus, according to experts.”

The main fear among NHS professionals is that another cyber attack would cause similar widespread disruption to that suffered by the NHS in 2017 due to the WannaCry attack when 19,000 appointments were cancelled. This is not a situation the NHS can afford in its current fragile state.

Speaking to the Independent, Neil Bennett, acting Chief Information Security Officer at NHS Digital, said:


“This is a time of unprecedented stress on the NHS, not least for the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure, to continue to deliver safe patient care.”

He continued:

“Working closely with partner organisations such as the National Cyber Security Centre and NHSX, we have created a new programme of work to help tackle the challenges that Covid-19 has presented the health and care sector.”

Advice from the National Cyber Security Centre

A joint advisory from the United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has been released to support organisations on how to deal with COVID-19 related malicious cyber activity.

Common threats that have been spotted during the pandemic include:

  • Phishing, using the subject of coronavirus as bait
  • Malware distribution using coronavirus themed lures
  • Registration of new domain names containing coronavirus or COVID-19
  • Attacks against newly deployed remote access or remote working infrastructure


To combat these threats, the Minister for Security, James Brokenshire, has said:

“I encourage everyone to follow the Cyber Aware advice and to use the Suspicious Email Reporting Service. They provide important new ways in which we can protect ourselves as well as our families and businesses.”

The ‘Stay home. Stay Connected. Stay Cyber Aware’ campaign encourages has outlined these top tips for staying secure online during the coronavirus pandemic:

  1. If possible turn on two-factor authentication for sensitive accounts
  2. Always protect yout accounts using a password of three random words
  3. Protect your email account by using a creating a separate password
  4. Update the software and apps on your devices regularly
  5. Save your passwords in your browser
  6. To protect yourself from being held to ransom, back up important data

How Cyber Essentials Online can help

It is often the most common vulnerabilities that cyber hackers will exploit during this time. If your organisation is worried about being a target, it should be implementing Cyber Essentials key controls.

Officially backed by the UK Government, Cyber Essentials is a great solution for businesses looking to improve their cyber security settings and standing. By implementing five simple key controls, you can protect your business from up to 80% of common cyber security threats.

Find out more about our packages and get started with your Cyber Essentials certification.


Learn more