Please note this information is correct at the time of publishing
Cyber Security recommendations and updates
To ensure the continued integrity, security and reliability of the NHSmail platform and your own organisation, we recommend implementing the following best practice advice and be aware of the following security changes.
Recommend Local Administrator (LA) action – password reset process review
NHSmail and the CSOC (Cyber Security Operations Centre) recommend LAs carry out regular reviews of Helpdesk/Support Desk/ICT processes to ensure that adequate validation of users is taking place when performing a password reset. Any reset done over the phone must include the validation of security questions.
Failure to verify users attempting to reset a password could result in an unintentional breach or be as a result of a compromised account.
Recommended Local Administrator (LA) action – Multi-Factor Authentication (MFA) for accounts working in sensitive or high-risk business areas
The need for increased security awareness and prevention across high-risk accounts is best practice. It is NHSmail and the CSOC recommendation that organisations work
to secure nhs.net mail accounts belonging to departments handling sensitive and high-risk information, for example Finance, HR by enabling MFA on those accounts.
For further information please visit the NHSmail support pages: https://support.nhs.net/knowledge-base/multi-factor-authentication-mfa/
Recommended Local Administrator (LA) – Spam/malicious email identification
NHSmail users should never click on any provided link to verify their accounts. The only exception being the automated password expiry reminders which will always be sent from no-reply@nhs.net to your own nhs.net email address.
Whilst measures are taken to prevent spam and phishing emails from being delivered to NHSmail users, we would ask that all users remain vigilant to spam and phishing emails and report any suspicious URL and emails to spamreports@nhs.net.
Organisations should also consider roll out of the Trend “Phishing Reporter” to assist end users reporting suspicious activity.
If you identify malicious emails, CSOC would appreciate original samples being submitted (as an attachment) to carecert@nhsdigital.nhs.uk for further analysis.
Disablement of NHSmail accounts with a registered non-UK number
As part of our continued commitment to maintaining security and stability across the NHSmail Service, we frequently review our security posture and security level of the platform.
To further secure NHSmail accounts, particularly around use of mobile phone numbers registered outside of the UK, we have disabled a small number of accounts and are notifying our user base that non-UK numbers are not permissible going forward.
Local Administrators (LAs) will need to be aware that if contact is made by an impacted user to the helpdesk, it will be referred back to the local organisation to apply a UK based phone number.
NOTE: This change will come into effect today, 30 June 2022.
If you require additional help and support, the NHSmail helpdesk is available 24 hours-a-day, 7 days-a-week on 0333 200 1133 or by emailing helpdesk@nhs.net.
Multi-Factor Authentication (MFA) for compromised accounts
As part of the ongoing efforts to protect the NHSmail platform, Multi-Factor Authentication (MFA) will now be enforced by the NHSmail team on all NHSmail accounts that are identified as compromised.
This action is in addition to the upcoming functionality being introduced into the NHSmail Portal to automate the enabling of MFA for compromised accounts.
As part of the existing process, Local Administrators (LAs) of accounts identified as compromised will be notified by the NHSmail team to then work with the user(s) to configure MFA in addition to ensuring a malware scan has been performed on the device(s) recently used to access the account.
Further information can be obtained via the NHSmail Support Site guidance on how to configure MFA.
If you require additional help and support, the NHSmail helpdesk is available 24 hours-a-day, 7 days-a-week on 0333 200 1133 or by emailing helpdesk@nhs.net
New anti-phishing safety MailTips
On Monday 27 June, new functionality was introduced for NHSmail users that will display safety MailTips.
These MailTips will be displayed in scenarios where an NHSmail user receives an email and either of the following statements are true:
• This is the first email the recipient has received from this sender
• Received an email from a sender that has historically sent low volumes of email
Further information can be found via the NHSmail Support Site guidance.
If you require additional help and support, the NHSmail helpdesk is available 24 hours-a-day, 7 days-a-week on 0333 200 1133 or by emailing helpdesk@nhs.net.
Best wishes,
NHSmail Team
NHSmail is provided by NHS Digital
in partnership with Accenture
