scruttonbland.co.uk
COUNTER FRAUD NEWSLETTER
FOR THE HEALTH AND SOCIAL CARE SECTOR
Contents
Introduction
Generative AI Fraud
Welcome to our Winter Counter Fraud Newsletter. The NHS Counter Fraud Authority continues to estimate that the NHS is vulnerable to £1,264 billion worth of fraud each year. Fraud is deception carried out for personal gain, usually for money. Fraud can also involve the abuse of a position of trust. By ‘NHS fraud’ we mean any fraud where the NHS is the victim. While those who commit fraud against the NHS are a small minority, their actions have a serious impact on us all. Fraud against the NHS could be committed by anyone. This includes members of staff, patients, contractors, suppliers, medical professionals and external parties, such as cybercriminals. Fraud takes taxpayers’ money away from patient care and into the hands of criminals. Everyone has a part to play in fighting fraud and being aware of the risk and remaining vigilant are the most important first steps, followed by knowing how to report fraud. Contact details for reporting fraud in confidence are included at the end of this newsletter so if you have any suspicions that fraudulent activity may be occurring, please report this at the earliest opportunity.
Current Fraud Alerts
Salary Sacrifice Scheme
Fake English Certificates Pose Risk to Patient Safety in the NHS
Hospital consultant sentenced after forging timesheets
2 | SCRUTTON BLAND | COUNTER FRAUD
COUNTER FRAUD | SCRUTTON BLAND | 3
Generative AI Fraud
What is Generative AI? Imagine a powerful tool that can not only analyse data but also create entirely new content, including text, images, and even voice recordings. That’s what generative AI is. Unlike traditional AI which predicts based on existing data, generative AI uses complex algorithms to learn and then produce seemingly real and original content. Why is this a concern in the UK healthcare sector? Whilst generative AI holds great promise for advancements in drug discovery and personalised medicine, it also poses significant risks: Sophisticated phishing attacks : Fraudsters can use generative AI to create emails that mimic the writing style and tone of healthcare professionals or institutions, potentially tricking staff and patients into divulging sensitive information or clicking on malicious links. Voice spoofing (or voice cloning) : Generative AI is used to copy a person’s voice. These synthetic voices can be programmed to deliver specific phrases or even function as chatbots, making them a potent tool in the hands of fraudsters. For example, a seemingly genuine voicemail could be attached to a phishing email, supposedly from a doctor, family member, or other trusted individual. The emotional impact of hearing a familiar voice urging you to take action could significantly increase the scam’s success rate. Deepfakes of healthcare officials : Imagine a fake video of a doctor circulating online, spreading misinformation or endorsing fraudulent products. Deepfakes, powered by generative AI, can erode trust in healthcare professionals and create confusion among the public. Synthetic patient records : Fraudsters could generate fake patient records to access healthcare services, medication, or insurance benefits illegally. This could lead to increased costs for the healthcare system and put real patients at risk.
How can we protect ourselves? Despite the challenges, staying vigilant and informed is key. Here are some tips : Be skeptical of unsolicited communication : Whether it’s an email, phone call, or video, be wary of messages urging you to act quickly or share personal information. Verify the sender’s identity through official channels before responding. Look for red flags : Pay attention to inconsistencies in writing style, grammatical errors, or blurry images/videos that might indicate a deepfake. If something seems suspicious, trust your gut and don’t hesitate to report it. Stay informed : Familiarise yourself with the latest tactics used by fraudsters and keep your software and security measures up-to-date.
Guidance
•
Always be wary of information you see online, especially in forums or websites where members of the public can post. Be mindful of emails, phone calls and videos that want you to act quickly as this is often the sign of a scam. Always verify the request through trusted means before acting. If in doubt, report your concerns to your IT Department, your Local Counter Fraud Specialist or your Fraud Champion.
•
•
4 | SCRUTTON BLAND | COUNTER FRAUD
COUNTER FRAUD | SCRUTTON BLAND | 5
Current Fraud Alerts
Procurement Fraud The risks of procurement fraud remain across the NHS, and between 2020 and 2022 the NHS Counter Fraud Authority (NHSCFA) set out to understand the true nature and potential value of the procurement fraud risks. In 2022, the NHSCFA reported the findings of its national NHS procurement exercises, including an evaluation of NHS procurement spending during the Covid-19 pandemic and a national exercise that focused on procurement fraud risk areas, including contract management and purchase order vs non-purchase order spend. The reports highlighted two areas where performance could be improved, these being due diligence and contract management. Due diligence failings : The reviews revealed a concerning lack of rigorous checks on new suppliers. Before entering into any contract, it’s crucial to thoroughly understand the company’s
Strengthen contract management : Assign dedicated contract managers, ensure regular oversight from procurement teams, and establish clear performance indicators to track progress and identify potential risks. Report suspicious activity : If you observe any concerns about procurement practices or potential fraud, report them immediately through your internal channels or directly to the NHSCFA.
viability, reputation, and ability to deliver. Insufficient due diligence exposes the NHS to a multitude of risks, including poor performance, non-delivery, fraud, reputational damage, and patient safety issues. Building a robust and effective due diligence process is paramount, and addressing this shortfall has been a recurring concern voiced by the NHSCFA. Contract management vulnerabilities : The procurement exercises found numerous vulnerabilities in existing contracts due to certain organisational behaviours and practices, leading to an increased risk of fraud. Notably, some lacked dedicated contract managers, oversight from procurement teams, and clear performance metrics. Strategic oversight from procurement professionals strengthens knowledge within the organisation, leading to sharper and more effective key performance indicators (KPIs) when it comes to reprocuring goods and services in the future.
While these findings might seem daunting, there are positive steps that can be taken to make a difference: Raise awareness : Share this information with colleagues involved in procurement processes. Encourage open discussions about best practices and staying vigilant against potential fraud. Implement robust due diligence : Establish clear procedures for verifying supplier viability, reputation, and ability to deliver. Don’t rush into contracts without conducting thorough checks.
6 | SCRUTTON BLAND | COUNTER FRAUD
COUNTER FRAUD | SCRUTTON BLAND | 7
Salary Sacrifice Scheme
T he NHS Counter Fraud Authority (NHSCFA) has identified emerging trends about a new scam targeting salary sacrifice schemes within the healthcare system. These schemes allow employees to purchase items such as bikes, cars, or gadgets at a discounted rate through pre-tax deductions from their salaries. While convenient for employees, the system’s weaknesses have been exploited by fraudsters. Fraudsters are exploiting vulnerabilities in salary sacrifice schemes by acquiring staff credentials through phishing or data breaches, and then manipulating accounts to make high-value purchases, often expensive gift vouchers, that exploit the pre-tax benefit. Unfortunately, some organisations lack robust verification checks, allowing these fraudulent transactions to be processed unnoticed. The delay between receiving the goods and experiencing the salary deduction also means employees often discover the scam only after the damage is done. This not only impacts individual staff financially, but also leads to significant losses for the organisation itself as they reimburse these fraudulent transactions. While affected employees may eventually see their stolen wages returned, the initial financial burden falls squarely on the healthcare organisation, as they are the ones footing the bill for the fraudulent purchases. Beyond the immediate financial loss, these scams also erode public trust in the NHS and wider healthcare sector, raising concerns about the security of their systems and data. This reputational damage can have far-reaching consequences, ultimately impacting the public’s confidence in the healthcare system they rely on.
What can be done? There are actions that individuals and organisations can take to help mitigate the risks associated with salary sacrifice scheme fraud: Stronger passwords : Staff should practice good password controls, using strong, unique passwords and enabling multi-factor authentication wherever possible. For example, using a passphrase or three random words as your password and ensuring they are a minimum of 14 characters in length. Increased vigilance : Be cautious of suspicious emails, texts, or phone calls requesting personal information. Report any such attempts to the relevant authorities. Robust verification : Organisations must implement stricter verification procedures for salary sacrifice scheme enrolment and purchases. This could include additional checks, approvals, and notifications. Raise awareness : Educating staff about this scam and its modus operandi can help them stay vigilant and identify potential attempts.
8 | SCRUTTON BLAND | COUNTER FRAUD
COUNTER FRAUD | SCRUTTON BLAND | 9
Fake English Certificates Pose Risk to Patient Safety in the NHS
Recent Case Hospital consultant sentenced after forging timesheets
T he NHS Counter Fraud Authority (NHSCFA) has raised concerns involving international medical trainees using forged International English Language Testing Systems (IELTS) certificates. These certificates, essential for obtaining visas and working in the NHS, are intended to ensure language proficiency for safe patient care. However, fraudulent certificates threaten patient safety and damage the reputation of NHS organisations.
The fraud unfolds with trainees submitting forged IELTS certificates claiming the necessary score for English language proficiency. These fabricated documents grant them access to the UK, employment within the NHS, and can be used to register with the Nursing and Midwifery Council. Unfortunately, many NHS and healthcare organisations remain unaware of, or simply haven’t adopted, the readily available online verification service offered by IELTS, leaving them reliant on potentially unreliable assurances from third parties. This gap in verification creates a vulnerability that fraudsters are exploiting.
To combat this trend, the NHSCFA urges all NHS and healthcare organisations to make the online IELTS results verification service a standard part of their recruitment process. This straightforward step acts as a barrier against employing individuals with forged certificates, ultimately safeguarding patient safety. Additionally, similar verification measures should be implemented for alternative language tests like the Occupational English Test (OET). Thankfully, further action is on the horizon, with NHS England and NHS Employers expected to issue specific guidance and instructions on this critical matter. Embracing these recommendations is not just crucial for protecting patient safety and preventing fraud, but also for upholding the integrity and trustworthiness of the entire healthcare system.
A high-profile social media influencer and hospital consultant has received a suspended sentence for defrauding the NHS of over £50,000. This outcome serves as a stark reminder of the importance of vigilance against fraud within the healthcare system. The individual, recruited as a locum consultant to tackle the post-pandemic backlog at an NHS Foundation Trust, initially requested reduced hours. However, for six months, he submitted forged timesheets claiming full-time work and pocketing the additional pay. His scheme involved altering genuine signatures, fabricating timesheets, and even forging signatures himself.
Local counter-fraud specialists and the NHS Counter Fraud Authority unearthed the discrepancies during an audit at the Trust. Their extensive investigation led to charges against the individual under the Forgery and Counterfeiting Act 1981. At sentencing, the Judge condemned the consultant’s actions as “driven by greed” and bringing “disgrace upon himself and his profession.” While the consultant received a suspended sentence, this case highlights the potential consequences of such fraudulent activities.
This incident underscores the critical role of robust auditing systems and vigilant staff in detecting and preventing fraud within the NHS and the wider healthcare sector. It also serves as a cautionary tale for healthcare professionals, reminding them of the ethical and legal repercussions of such misconduct. Remember, the NHS relies on honesty and integrity. If you suspect any fraudulent activity, report it immediately to the relevant authorities. Together, we can safeguard precious NHS resources and ensure they reach those who truly need them.
10 | SCRUTTON BLAND | COUNTER FRAUD
COUNTER FRAUD | SCRUTTON BLAND | 1 1
Reporting Fraud Everyone has a part to play in fighting fraud. If you work for the NHS and suspect any fraud, bribery, or corruption against the NHS, please contact your Local Counter Fraud Specialist. Alternatively, please contact the NHSCFA 24-hour reporting line by calling 0800 028 4060 , or by completing the online reporting form. All reports are treated in confidence, and you have the option to remain anonymous.
0330 058 6559 scruttonbland.co.uk
@scruttonbland
0812/02/2024/MKTG
Page 1 Page 2-3 Page 4-5 Page 6-7 Page 8-9 Page 10-11 Page 12Made with FlippingBook Learn more on our blog