The data is based on reported cases by NHS staff to NHS Digital using report buttons on email accounts.
Figures from NHS Digital (NHSD) have revealed that staff across the NHS received over 137,000 malicious emails in 2020.
Of the reported cases, doctors, nurses and admin staff were sent 27,958 suspected phishing emails targeting the NHSmail email service, designed to lure the recipient into handing over confidential data.
Additionally, health workers reported 109,491 suspected spam emails throughout the year.
The data shows that January 2020 was the highest month for combined phishing and spam emails - before the pandemic took hold - with 29,355 in total, made up of 4,895 phishing attempts and 24,460 spam reports.
The next highest month was the peak of UK lockdown restrictions in March, with 28,855 emails reported. But this was the peak month for potentially more damaging phishing - 5,749 phishing attacks and 23,106 spam reports.
The period from April to December saw a steady decline in the number of suspicious emails reported to NHS Digital, decreasing from 11,068 in April, down to a yearly-low of 4,382 in December.
Our security awareness training helps staff understand their working environment, giving them the confidence to speak up when something doesn’t look right.
Read more here.
Despite these lower figures though, in June 2020, NHS Digital revealed that more than a hundred NHSmail mailboxes had been compromised and were sending malicious emails to external recipients.
Employees should follow their organisational guidance, where available, on how to report suspicious emails.
The National Cyber Security Centre (NCSC) has published advice on how to spot and deal with suspicious emails, and readers are reminded that these can be reported to the NCSC by using the Suspicious Email Reporting Service (SERS) and suspicious text messages to Short Code 7726.