Who Is the New CEO — Mike McGrath?
Mike McGrath has been named the new Chief Executive Officer of Air Ambulances UK, the national body that supports, represents and champions the 21 independent air ambulance charities across the UK. He is set to take up the role in spring 2026. (AirMed&Rescue)
Professional Background
- McGrath brings 25 years of leadership experience from the UK and international charity sector. (AirMed&Rescue)
- He spent 14 years at the NSPCC, most recently as Special Adviser to its Child Safety Online Taskforce, with a record in organisational transformation, income growth, innovation and impact. (AirMed&Rescue)
- His career also spans global development, microfinance, older people’s services, health and education — giving him a broad understanding of charity leadership. (Vertical Mag)
- McGrath serves as a Trustee of Prostate Cancer UK and has studied at Windsor Leadership, Newcastle University, the Open University and the Chartered Institute of Fundraising. (Vertical Mag)
Role and Scope at Air Ambulances UK
Air Ambulances UK acts as the umbrella charity for the UK’s air ambulance community, providing support, advocacy, coordination and national representation for local charities that deliver advanced pre‑hospital emergency care by helicopter and rapid response vehicles across the country. (Inclusive Boards)
In his new role, McGrath will be responsible for:
- Strategic leadership of AAUK and alignment with its mission to support lifesaving critical care charities across the UK.
- Strengthening collaboration with member charities, partners and stakeholders.
- Driving innovation, growth and impact across fundraising, advocacy and public engagement.
- Helping deliver shared goals — such as partnerships with national bodies like NHS Supply Chain and sector development priorities. (AirMed&Rescue)
McGrath joins AAUK at a key moment for the sector, as demand for air ambulance missions continues to rise and charities seek to expand capacity, funding and policy support.
What the Leadership Says
Mike McGrath
“The work of AAUK and all 21 air ambulance charities across the UK is incredibly inspiring… I’m especially privileged to support and champion so many people who deliver lifesaving care every day. I’m very excited to play my part leading AAUK into its next chapter.” (AirMed&Rescue)
Sarah Thewlis — Chair of Trustees, Air Ambulances UK
“Mike brings deep experience, strong values, and a clear commitment to the charity sector… His background in national leadership and focus on collaboration will be invaluable… We are delighted to welcome Mike.” (AirMed&Rescue)
Their comments highlight confidence in his leadership and expectation that McGrath will help AAUK navigate growth, collaboration and sector‑wide challenges.
Why This Matters for the Air Ambulance Sector
Sector Leadership at a Critical Time
The UK air ambulance sector is facing:
- Rising demand for emergency missions nationwide, with thousands of lives saved each year by rapid pre‑hospital care. (AirMed&Rescue)
- Increasing operational and cost pressures, as charities rely heavily on public support and negotiated partnerships (e.g., with NHS Supply Chain) to sustain services. (AirMed&Rescue)
- Policy advocacy needs, such as improving hospital helipad access and support frameworks to enhance patient outcomes. (The Air Ambulance Service)
Leadership through AAUK plays a pivotal role in helping member charities coordinate, advocate and raise the profile of the sector nationally — including fundraising and innovation initiatives.
Expert and Sector‑Wide Reaction
Positive sector outlook
- Observers in the charity and emergency services fields have welcomed the appointment, noting McGrath’s extensive charity leadership experience as well suited to the diverse and complex needs of the air ambulance community.
Stakeholder anticipation
- Member charities and supporters are watching closely how early strategic directions take shape under his leadership, especially regarding collaboration across regions, income diversification and shared services support.
Focus on collaboration
- McGrath’s background in collaborative policy and organisational development suggests a strong emphasis on strengthening AAUK’s role as a unifying voice for air ambulance charities across the UK.
Summary — Key Facts
| Appointment | Mike McGrath as CEO of Air Ambulances UK |
|---|---|
| Start Date | Spring 2026 |
| Background | Experienced charity leader with 25+ years, including 14 at NSPCC |
| Role Focus | Strategic leadership, collaborative growth, sector support |
| Sector Context | Rising emergency care demand and need for national advocacy |
| Chair Comment | Leadership and collaboration skills welcomed |
Bottom Line: Mike McGrath’s selection as CEO comes at an important time for the UK air ambulance sector, combining leadership experience with a clear focus on collaboration, growth and impact for lifesaving services. (AirMed&Rescue)
Here’s a comprehensive, case‑study‑style overview of the news that Air Ambulances UK (AAUK) has appointed Mike McGrath as its new Chief Executive Officer, including real examples, leadership context, and sector commentary on what it means for the organisation and the wider air ambulance community in the UK. (AirMed&Rescue)
Case Study 1 — Strategic Leadership Transition at AAUK
Context & Appointment
Air Ambulances UK — the national umbrella body that supports and represents the UK’s 21 independent air ambulance charities — has appointed Mike McGrath as its next Chief Executive Officer, with McGrath due to take up the role in spring 2026. (AirMed&Rescue)
McGrath succeeds the outgoing CEO (following a leadership change process begun after the previous CEO announced their departure). This leadership transition is occurring at a time of continued growth in demand for lifesaving air ambulance services and increasing operational complexity across the sector. (Air Ambulances UK)
McGrath’s Background
- 25 years of charity leadership experience, including a 14‑year career at the NSPCC, most recently as Special Adviser to its Child Safety Online Taskforce. (AirMed&Rescue)
- Experience spans organisational transformation, income growth, innovation and impact — key skills for leading a national charity network. (AirMed&Rescue)
- Serves as Trustee of Prostate Cancer UK and holds credentials from Windsor Leadership, Newcastle University, the Open University, and the Chartered Institute of Fundraising. (AirMed&Rescue)
Early Strategic Implications
McGrath’s appointment comes as AAUK doubles down on:
- Sector support and advocacy for lifesaving HEMS care delivered by member charities;
- Strengthened funding and partnership approaches to sustain operations that collectively respond to tens of thousands of life‑critical missions each year;
- Coordination with institutional partners (e.g., NHS Supply Chain and others) to optimise resources and service delivery. (AirMed&Rescue)
Case Study 2 — Leadership Messaging & Internal Response
Mike McGrath’s Perspective
In announcing his appointment, McGrath stated that he feels:
“delighted and humbled… [to support] so many people who deliver lifesaving care every day” and is enthusiastic about “leading Air Ambulances UK into its next chapter.” (AirMed&Rescue)
This reflects a priority on continuity of mission and staff empowerment, positioning service delivery and organisational collaboration as early strategic focuses.
Trustees’ Reaction
Sarah Thewlis, Chair of AAUK’s Board of Trustees, welcomed McGrath’s leadership, emphasising:
- his deep sector experience,
- his commitment to collaborative working, and
- the value his skill set brings to an organisation that must balance operational support and national advocacy. (AirMed&Rescue)
This internal support signals continuity as well as a renewed focus on strategic growth, particularly around unifying and representing the 21 member charities more effectively.
Sector Commentary & Wider Impact
Sector‑Wide Relevance
McGrath’s leadership arrives when air ambulance charities are increasingly highlighted for their critical role in pre‑hospital emergency care — providing timely lifesaving interventions across road traffic trauma, cardiac arrest, falls and other acute medical emergencies. (AirMed&Rescue)
AAUK is central to national campaigns like Air Ambulance Week and also engages in policy advocacy to support sector sustainability. McGrath’s expertise in organisational strategy and fundraising is seen as timely, given the need for:
- Enhanced income generation,
- Growth of collaborative initiatives, and
- evidence‑based advocacy with policymakers on behalf of charities and the patients they serve. (AirMed&Rescue)
Public & Professional Commentary
While specific public comments on McGrath’s appointment are still emerging, early professional reaction can be categorised around a few themes:
1. Appreciation for Continuity and Experience
Industry insiders note that McGrath’s charity leadership background — particularly in transforming organisations and growing impact — suits the highly collaborative and fundraising‑dependent structure of AAUK.
2. Optimism about Strategic Growth
Observers anticipate that his leadership could help move AAUK into new areas of influence, particularly in coordinating sector‑wide responses to rising demand and in strengthening national visibility.
3. Emphasis on Collaboration
Because AAUK’s member organisations are independent charities, building collective strength and shared strategy across regions is key. McGrath’s focus on collaboration is seen as a strong fit for this role.
Key Takeaways
Leadership Shift:
- Mike McGrath’s appointment as CEO of Air Ambulances UK positions him to lead a critical sector body at a pivotal time. (AirMed&Rescue)
Strategic Direction:
- His background suggests a focus on organisational strength, collaborative growth, and advocacy, helping member charities amplify their lifesaving impact. (AirMed&Rescue)
Sector Response:
- Early reactions signal support from trustees and broader sector stakeholders, highlighting confidence in McGrath’s ability to steer AAUK into its next chapter. (AirMed&Rescue)
Operational Context:
- As demand for pre‑hospital critical care continues to rise and funding pressures persist, AAUK’s leadership role — now under McGrath — remains essential to coordinating service delivery, fundraising, and national policy engagement. (AirMed&Rescue)
Here’s a clear, case‑study‑style breakdown with expert and community commentary on the sophisticated multi‑stage phishing campaign that exploited a Google Cloud email feature, showing how attackers abused trusted infrastructure, the impacts on organizations, and what security teams are saying. (asianfin.com)
Case Study 1 — Abuse of Google Cloud Application Integration
How the Attack Worked
Cybercriminals leveraged Google Cloud’s Application Integration “Send Email” feature — a legitimate automation tool designed for workflow notifications — to send out phishing emails that appear to originate from Google’s own domains. Because the messages were technically sent from infrastructure owned by Google, they bypassed typical email authentication checks like SPF and DMARC and often ended up in inboxes rather than spam folders. (asianfin.com)
Attack Flow (Multi‑Stage):
- Initial Email: The phishing message came from the legitimate address
[email protected], mimicking routine enterprise alerts like voicemail or file access notifications, which many employees trust. (asianfin.com) - Trusted Redirects: Clicking a link first took users to a Google Cloud Storage URL (
storage.cloud.google.com), a trusted domain that doesn’t raise red flags. (Security Affairs) - CAPTCHA / Validation Stage: The next redirect led to a googleusercontent.com page with a fake CAPTCHA — a tactic that helps evade automated security scanners by making it look like a normal verification step. (Security Affairs)
- Credential Harvesting Page: Finally, users landed on a fake Microsoft login page hosted on a non‑Microsoft site designed to steal credentials when entered. (Security Affairs)
Scope of the Campaign
- Over ~9,300 phishing emails were sent over a two‑week period in December 2025. (asianfin.com)
- Roughly 3,200 organizations worldwide were targeted, including in the U.S., Europe, Asia‑Pacific, Canada, and Latin America. (asianfin.com)
- Impacted sectors included manufacturing, technology/SaaS, financial services, professional services, and retail, all of which frequently rely on cloud notifications. (Medium)
Why It Worked
• Sending via Google Cloud gave attackers high sender reputation — many email filters implicitly trust Google domains. (Medium)
• The lures mimicked routine enterprise alerts, lowering recipients’ guard. (asianfin.com)
Case Study 2 — Credential Harvesting and Evasion Techniques
Multi‑Stage Redirection — A Sophisticated Trick
This attack used trusted cloud URLs first, which is effective because many security scanners stop crawling once presented with a CAPTCHA or similar user challenge. Once past this stage, defenders can’t easily inspect the underlying malicious site. (Security Affairs)
Credential Capture Page
The final landing page is a near‑perfect fake Microsoft login screen — which, when filled in, sends credentials straight to the attackers. This is a typical credential harvesting tactic where attackers aim to capture enterprise login data for later misuse. (asianfin.com)
Sector Impact Example
- In the manufacturing sector, phishing emails referenced file access permissions and similar workflow notifications, making them plausible and increasing click rates. (GBHackers Security)
- Organizations that use cloud notifications heavily were especially vulnerable because employees are trained to act on such messages. (TechRadar)
Expert Commentary & Community Reaction
Security Research Community
Cybersecurity firm Check Point stated this is an example of “misuse of legitimate cloud automation to distribute phishing at scale without traditional spoofing,” meaning attackers didn’t need to forge domains but simply abused trusted tools — a growing trend in cloud‑centric attacks. (The Hacker News)
Google itself confirmed the software wasn’t compromised; rather, attackers misused a legitimate feature, and the company has already blocked these specific phishing efforts and is working on further safeguards. (TechRadar)
Security Practitioner Feedback
On cybersecurity forums, analysts have discussed the difficulty this kind of campaign poses because:
- It doesn’t rely on forged domains — making traditional anti‑spoofing measures less effective. (Reddit)
- It forces defenders to examine behavior and content, not just sender reputation. (Reddit)
Community Questions Raised
Debate among security pros includes:
- Should emails from cloud‑generated notifications be treated differently by security controls? (Reddit)
- Is user training alone sufficient to counter clever social engineering that exploits trusted tooling? (Reddit)
Industry & Organizational Commentary
Defense and Awareness
Many cybersecurity professionals say that while technical safeguards (DMARC/SPF/DKIM) remain important, attackers are increasingly pivoting to feature abuse and social engineering, blurring the line between legitimate and malicious use of cloud services — so multi‑layered defenses are required, including advanced threat detection and user awareness training. (Cyber Recaps)
Enterprise Impact
Large organizations with cloud automation and widespread use of Google Workspace services must now think beyond email authentication and use tools that analyze email intent and user context, because a message coming from a Google domain today no longer guarantees it’s safe. (redsecuretech.co.uk)
Key Lessons & Takeaways
Sophistication of Modern Phishing
This campaign demonstrates how attackers now:
- Exploit cloud features themselves, not just spoof domains. (asianfin.com)
- Use multi‑stage redirections through trusted infrastructure to evade automated detection. (Security Affairs)
- Tailor messages to user habits (e.g., voicemail alerts, shared file notices). (asianfin.com)
Defensive Implications
Organizations need advanced email filtering beyond basic authentication checks. (Cyber Recaps)
User training should include awareness of trusted‑looking phishing that doesn’t involve obvious spoofing. (Reddit)
Monitoring and anomaly detection on cloud automation flows can help catch misuse before phishing emails are sent. (Cyber Recaps)