The National Cyber Security Centre (NCSC) and NHS England Cyber Operations have warned of increasing attacks by the Interlock ransomware group, which is actively targeting healthcare systems across Europe, including the UK. Tactics include encrypting systems and threatening to leak patient data. A subcontractor providing referral transcription was hit by Interlock ransomware, exposing 70,000 NHS records. Patient NHS numbers, notes, and letters were accessed.
In a GP Surgery Phishing Attack which occurred near Birmingham in June 2025, a spoof email led to compromise of prescription and appointment data. NHS England advised strengthening staff training. Between April to June 58% of cyber security incidents involved phishing, 24% unauthorised access and 13% server exploits. Legacy IT systems such as unsupported Windows versions remain a critical risk.
How attacks are happening:
- NHS login credentials stolen via phishing
- Compromised third-party suppliers
- Unpatched systems (e.g., SharePoint, Citrix)
Actions to take:
- Use Multi Factor Authentication on NHSmail & clinical systems
- Report phishing attempts, train staff to recognise them
- Never open suspicious links or email attachments
- Don’t share login details, including Smartcard credentials
- Regularly backup clinical and admin data offline
Source: https://www.esecurityplanet.com/security/interlock-ransomware-healthcare-warning/