Windmill Surgery Reception NHSmail Account Cyber Attack

> What Happened? The Windmill Surgery Reception NHSmail account was attacked by cyber-criminals on 19 September. This led to email addresses that were potentially emailed to or emailed from this account within the last 12 months being harvested by the attackers. We learned of this on the morning of 20 September, following the return to work for our Windmill Surgery, after the Bank Holiday for the State Funeral of Her Majesty, Queen Elizabeth II.

> What Did We Do? On discovering the breach Tuesday morning, we worked with NHSmail to immediately lock the account, change the password, contacted the Cyber Unit at the ICB, and raised the alert on our website and Facebook page. We text patients to let them know not to open any emails from this address (received in the last two days), and to secure any accounts if they had already clicked on a link sent to them in an email by the attackers, and entered any details.

Further security steps have been introduced with the Windmill Surgery Reception NHSmail to prevent this from happening in the future, together with tighter controls on managing the mail account.

> The Windmill Surgery Reception NHSmail account was secured and operational again Tuesday evening.

> Questions and Answers About the Incident

Has Any of My Medical Record Been Compromised/Copied/Leaked? No. The Windmill Surgery Reception NHSmail account is nothing to do with the secure clinical system used to store patient data.

Is My Medical Record Safe? Yes. The Windmill Surgery Reception NHSmail account is nothing to do with the secure clinical system used to store patient data.

What information Was Stolen by The Attackers? Email addresses that were potentially emailed to or emailed from The Windmill Surgery Reception NHSmail account within the last 12 months were harvested by the attackers.

Did you Contact the ICO? Yes. We carried out a data breach self-assessment on the ICO website, and also spoke to a member of their data breach team and explained what had happened for further guidance.

What About Other Credentials (e.g., online access)? The Windmill Surgery Reception NHSmail account does not store any patient record information or online login credentials.

I Received an Email from The Attackers – What Should I Do? Delete it. If you have already clicked on the link and entered any of your details, you should change any user accounts or passwords which use these details NOW. If you do not already have suitable security software on your device, consider investing in a known product to help detect phishing emails, viruses, and cyber-attacks.

> Remember that you may receive other emails in the future, as the attackers try phishing attacks again. As always, be wary of ANY emails which ask you to click on a link and enter personal details. A good tip on a computer is to “hover” your mouse over the link – if you do not recognise the link as genuine/familiar, delete the email. If you’re still in doubt, do not click on any links in an email, and contact the email sender (that is, who it appears to be from). If it’s a genuine email, they will confirm this.

> Just like banks, we will never ask you for any password, PIN, or account information in an email, link, or attachment.

> You can find lots of self-help, and guidance on how to be cyber-savvy for all the family, from the National Cyber Security Centre.