Targeted malware campaign

February 20, 2024

The NHS has been targeted by a widespread malware-by-mail campaign.

Those who have been targeted will receive an email from an external sender with a customised targeted subject field (seen to be referencing NHS and NHS usernames), with an attached Excel spreadsheet.

Content within the spreadsheet prompts recipients to click a button resulting in a connection to a remote server triggers a malware infection.

400+ emails have already been seen across the NHSmail estate within the last 24 hours, and whilst preventative activity is taking place locally and centrally, it is expected that this attack is likely to be ongoing.

As always, you should remain vigilant around emails that you interact with – please be aware of any unexpected emails requesting usernames, passwords, or password reset links, and exercise caution when opening any attachments.

As always, should you have any further queries then please do contact the IT Service Desk on ext. 4050 or 0121 507 4050 for home workers or via service desk live chat.