Request regarding Details on cyber security fraud including scams and Covid-19.

Published: 22 February 2021

Information requested

Under the Freedom of Information Act I would like to request the following details on cyber security:

  • Question 1. How many complaints of scams and Covid-19 related frauds has NHS Counter Fraud Authority received?
  • Question 2. What amount of losses have the staff incurred due to scams and frauds in the past five years? I am requesting the amount of loss to the NHS cause by scams and cyber security related frauds which may have been investigated by NHS Counter Fraud Authority.
  • Question 3. What security measures have been ensured across staff? Please give information for the security measures taken by NHS staff relating to scams and cyber security related frauds.
  • Question 4. What actions have been taken by the Authority against cyber-attacks and frauds? Can you give information about any sanctions which may have been taken against fraud offences by NHSCFA?

NHSCFA response

The NHS Counter Fraud Authority has undertaken an information search of its case management system to comply with your request.

1.There are 230 information reports recorded matching the search criteria ‘Covid-19 ’ and ‘cyber security’ related fraud.

2 & 4 Between 1st January 2016 and 26th February 2021, there have been 40 cases of cyber fraud. Only 16 of these cases however, record an amount of fraud identified and I cannot therefore provide the total amount of loss incurred by staff due to scams and fraud, as this data is not held.

Of the 40 cases, 2 were referred to external agencies and 38 closed with no fraud found or fraud found and sanctions not possible

3. NHS Counter Fraud Authority provides advice and guidance to NHS staff on how to avoid falling victim to fraud during the Covid-19 pandemic. The guidance for NHS staff is published on the NHSCFA website:

Protecting yourself from fraud | COVID-19 guidance| NHS Counter Fraud Authority (cfa.nhs.uk)

Help us improve cfa.nhs.uk

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!