East Anglian Air Ambulance issues security alert after email breach

East Anglian Air Ambulance (EAAA) has issued an alert to staff and the public following a cyber-attack on its email system.

The charity warned people not to open emails purporting to be from contacts within the organisation after being “compromised” just after 11am today (17 August).

A statement issued by EAAA on Twitter read: “IMPORTANT: Our email system was compromised today at 11.01am after a cyber breach. If you receive an email from someone you know within our organisation with the subject line: ‘Update message from …’, please do not open it and delete it immediately.

“We take our data security very seriously & do our best to fight against cyber-attacks. Please be vigilant and if you have even the slightest suspicion about an EAAA email, please call us to check before opening it. If you have any concerns, please contact us at 03450 699999.”

IMPORTANT: Our email system was compromised today at 11.01am after a cyber breach. If you receive an email from someone you know within our organisation with the subject line: ‘Update message from ….’, please do not open it and delete it immediately. (1/2)

— East Anglian Air Ambulance (@EastAngliAirAmb) August 17, 2018

We take our data security very seriously & do our best to fight against cyber attacks. Please be vigilant and if you have even the slightest suspicion about an EAAA email, please call us to check before opening it. If you have any concerns, please contact us at 03450 699999 (2/2)

— East Anglian Air Ambulance (@EastAngliAirAmb) August 17, 2018

A spokesperson for the charity told Digital Health News that the breach happened after an email account belonging to a member of staff was hacked, resulting in a phishing email being sent out to EAAA contacts.

Phishing attacks often comprise of authentic-looking emails containing a link or attachment which, when clicked, infects the target device with malware.

They are most commonly used to trick unsuspecting victims into giving up sensitive information such as bank and credit card details, often by posing as a trusted person or organisation.

Health and care organisations are frequently spoofed in this regard.

“As far as we are aware, there has been no data breach and this only has potential to affect external email systems,” the spokesperson told Digital Health News.

“It looks authentic, so we are just issuing a warning.”

“As a charity who rely on support and engagement from our local community, we felt it important to be open and transparent and quick to highlight the potential risk to our supporter’s email systems, and therefore issued a warning on our social media.”

EAAA provides helicopter emergency medical service (HEMS) across Norfolk, Suffolk, Cambridgeshire and Bedfordshire.

The charity has attended some 23,000 lifesaving missions since being founded in 2000.