We have been advised today of another attempt to send phishing emails from our surgery email account. This has been reported to NHS Digital which runs our email account and our data protection officer. Our security has been checked again and remains up to date. If you receive a suspicious email, please delete it immediately from your inbox and email bin. Do not click on any links. We can again advise there is no evidence that patient data has been accessed.

We understand the anxiety this may cause our patients and would like to reassure everyone that we have escalated this with the appropriate NHS digital IT providers.

Thank you to our patients who made us aware of suspicious email activity from our surgery email account on the evening of Saturday 30 May. This activity was immediately reported to NHS Digital, our local IT Team, Information Governance Team and the Information Commissioner.

If your email address was involved in the incident, you may be contacted by NHS Digital by end of 12 June 2020 directly, but we can advise we have taken all steps to prevent this from happening again.

We would like to reassure all patients that your medical records were not accessed. It seems that some email addresses with the subject line of an email received into the account were used to contact some patients. We understand the anxiety that this incident has caused and sincerely apologise for this.

Our IT department has confirmed that our security software was up to date at the time of the incident and remains so. Our surgery email is managed by national NHS systems and we have requested they undertake further investigation into the direct cause.

Alrewas Surgery takes the protection of your data very seriously and applies a range of methods to try to prevent incidents like this happening. Our staff are all trained to the highest of standards and the surgery has made a satisfactory submission to the Data Security and Protection Toolkit which is the national standard for all health and social care organisations to demonstrate the way in which we handle, process and share personal data.

The following may help all our patients to identify whether an email is suspicious:

  • We do not send emails from the surgery account over the weekend, they will never just include a link for you to click without an explanation of why from a member of surgery staff and will never ask you to input personal details.
  • If you receive an email from the surgery email account that looks suspicious e.g. any of the above reasons or it is misspelled, please report it to us as soon as possible and delete it from your inbox and your email bin.
  • It is also good practice to change your password and check your own computer/tablet/smartphone virus security.

About the author

howbeck administrator