NHS email accounts hijacked for phishing campaign | Computer Weekly
More than 130 NHS email accounts were hijacked for a credential harvesting phishing operation targeting Microsoft users, although true scope of the attack is unknown.
During the phishing campaign – which started in October 2021 and escalated dramatically in March 2022 – cloud-based security platform Inky detected 1,157 phishing emails originating from #NHSMail, which was migrated from an on-premise installation to #Microsoft Exchange Online in February 2021.
All of the #phishing emails passed email authentication for nhs.net, and were sent from two IP addresses used by the NHS, which confirmed that the two addresses were relays within the mail system used for a large number of accounts
https://www.computerweekly.com/news/252516702/NHS-email-accounts-hijacked-for-phishing-campaign