NHS

Email migrated from @nhs.net to @nhs.scot

nhs.net has a strong DMARC policy but nhs.scot has a weak DMARC policy

It’s good that the email domain has been standardised across the Scottish NHS. This strong identity isn’t just for branding, it also enhances security so that people learn what domains to trust. The domain names for the 14 NHS Boards are all over the place. Some being xx.net, some xx.co.uk, some xx.com and even xx.org

Not only have the individual Boards failed to achieve any consistency of naming standards, but they have comprehensively failed to implement adequate DMARC protection for those domain names.

NHS Scotland has 14 regional NHS Boards

NHS BoardWebsiteEmail SecurityDMARCMTA-STS
Ayrshire & Arranhttps://nhsaaa.netNCSC logo linking back to NCSCRAG red statusRAG green status
Bordershttps://www.nhsborders.scot.nhs.ukNCSC logo linking back to NCSCRAG amber statusRAG green status
Dumfries & Gallowayhttps://www.nhsdg.co.ukNCSC logo linking back to NCSCRAG red status
Fifehttps://www.nhsfife.orgNCSC logo linking back to NCSCRAG red status
Forth Valleyhttps://nhsforthvalley.comNCSC logo linking back to NCSCRAG red status
Grampianhttps://www.nhsgrampian.orgNCSC logo linking back to NCSCRAG red statusRAG red status
Greater Glasgow & Clydehttps://www.nhsggc.scotNCSC logo linking back to NCSCRAG red statusRAG red status
Highlandhttps://www.nhshighland.scot.nhs.ukNCSC logo linking back to NCSCRAG amber statusRAG red status
Lanarkshirehttps://www.nhslanarkshire.scot.nhs.ukNCSC logo linking back to NCSCRAG amber statusRAG red status
Lothianhttps://www.nhslothian.scotNCSC logo linking back to NCSCRAG red statusRAG red status
Orkneyhttps://www.ohb.scot.nhs.ukNCSC logo linking back to NCSCRAG amber statusRAG red status
Shetlandhttps://www.nhsshetland.scotNCSC logo linking back to NCSCRAG red statusRAG red status
Taysidehttps://www.nhstayside.scot.nhs.ukNCSC logo linking back to NCSCRAG amber statusRAG red status
Western Isleshttps://www.wihb.scot.nhs.ukNCSC logo linking back to NCSCRAG amber statusRAG red status

NHS Scotland also has some Special NHS Boards

NHS BoardWebsiteDMARC recordRAG status
1Public Health Scotland
2Healthcare Improvement Scotland
3NHS Education for Scotland
4NHS National Waiting Times Centre
5NHS 24
6Scottish Ambulance Service
7The State Hospitals Board for Scotland
8NHS National Services Scotland

Little wonder the NHS has been subjected to numerous data breaches given the obvious failings in IT governance.