Network security is a top priority for any company, and especially those that handle sensitive information. But it's not a DDoS attack or hack that brought the UK's National Health Service (NHS) to its knees today; it's a single, blank email sent to 1.2 million employees.
As The Register reports, a blank email with the subject line "test" was initially sent out to a small number of recipients on a "CroydonPractices" distribution list. Somehow, the email then found its way into the inbox of every single employee with a NHS.net email address. And as is typically the case in these situations, some of those recipients responded (to everyone) asking to be removed from the list.
You can imagine the pain that followed. As many as 80 recipients are thought to have responded to the email using "reply all." So the initial 1.2 million emails quickly increased to tens of millions. The NHSmail servers have been struggling to cope ever since, with a delay of up to three hours being for email delivery.
The name of the person who sent the initial email hasn't been made public, but we know they are a "senior ICT delivery facilitator." The NHS tech support team has responded by warning of email delays, but seems to be on top of the problem.
Real Life. Real News. Real Voices
Help us tell more of the stories that matterBecome a founding member
"As soon as we became aware of the email we deleted the distribution list so that no one could respond to it. We anticipate the issue will be rectified very soon," an NHS Digital spokeswoman told The Register.
For the rest of the day, at least, it's probably best if NHS staff refrain from sending any emails that aren't vitally important. I suspect measures may now be put in place to ensure sending an email to over a million people with the push of a button is no longer possible at the NHS.
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe