FOI release

Freedom of Information request on date range for the FOI requests is from 2018 to present day (FOI 21/1231)

Published 26 May 2022

FOI 21/1231

22nd November 2021

Dear,

Thank you for your email.

This response is applicable for both of your Freedom of Information (FOI) requests, FOI 21/1231 and FOI 21/1232 where you asked:

“The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.

  1. How many malicious emails have been successfully blocked?

  2. What percentage of malicious emails were opened by staff?

  3. What percentage of malicious links in the emails were clicked on by staff?

  4. How many ransomware attacks were blocked by the department?

  5. How many ransomware attacks were successful?”

This information is exempt under Section 31 of the FOI Act for the following reasons:

The Agency like any organisation may be subject to cyber-attacks and, since it holds large amounts of sensitive, personal and confidential information, maintaining the security of this information is extremely important. Cyber-attacks, which may amount to criminal offences for example under the Computer Misuse Act 1990 or the Data Protection Act 1998, are rated as a Tier 1 threat by the UK Government.

In this context, providing requested information would provide information about the Agency’s information security systems and its resilience to cyber-attacks. There is a very strong public interest in preventing the Agency’s information systems from being subject to cyber-attacks. Providing the type of information requested would be likely to provide attackers with information relating to the state of our cyber security defences, and this is not in the public interest.

If you have a query about the information provided, please reply to this email

If you disagree with how we have interpreted the Freedom of Information Act 2000 in answering your request, you can ask for an internal review. Please reply to this email, within two months of this reply, specifying that you would like an Internal Review to be carried out.

Due to the ongoing Covid-19 situation, we are not able to accept delivery of any documents or correspondence by post or courier to any of our offices

Please remember to quote the reference number above in any future communications.

If you were to remain dissatisfied with the outcome of the internal review, you would have the right to apply directly to the Information Commissioner for a decision. Please bear in mind that the Information Commissioner will not normally review our handling of your request unless you have first contacted us to conduct an internal review. The Information Commissioner can be contacted at:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Yours sincerely,

MHRA Customer Service Centre

Medicines and Healthcare products Regulatory Agency

10 South Colonnade, Canary Wharf, London E14 4PU

Telephone 020 3080 6000