Counter Fraud Newsletter

scruttonbland.co.uk

COUNTER FRAUD NEWSLETTER FOR THE HEALTH AND SOCIAL CARE SECTOR

Contents

Exposing a Chilling Deepfake Scheme in Hong Kong

Uncovering a CEO Impersonation Scam Targeting NHS Organisations

GP Practice Administrator Sentenced for Prescription Fraud

Reporting Fraud

2 | SCRUTTON BLAND | COUNTER FRAUD

Introduction

Welcome to our Spring Counter Fraud Newsletter. The NHS Counter Fraud Authority (NHSCFA) continues to estimate that the NHS is vulnerable to £1,264 billion worth of fraud each year. Fraud is deception carried out for personal gain, usually for money. Fraud can also involve the abuse of a position of trust. By ‘NHS fraud’ we mean any fraud where the NHS is the victim. While those who commit fraud against the NHS are a small minority, their actions have a serious impact on us all. Fraud against the NHS could be committed by anyone. This includes members of staff, patients, contractors, suppliers, medical professionals and external parties, such as cybercriminals.

Fraud takes taxpayers’ money away from patient care and into the hands of criminals. Everyone has a part to play in fighting fraud and being aware of the risk and remaining vigilant are the most important first steps, followed by knowing how to report fraud. Contact details for reporting fraud in confidence are included at the end of this newsletter so if you have any suspicions that fraudulent activity may be occurring, please report this at the earliest opportunity.

The Strategic Pillars

The NHSCFA 2023-2026 Strategy: ‘Working together to understand, find and prevent fraud, bribery and corruption in the NHS’ focuses on four key pillars: Understand, Prevent, Respond and Assure.

1. Understand how fraud, bribery and corruption affects the NHS.
2. We will ensure the NHS is equipped to take proactive action to prevent future losses from occurring.
3. When we know that fraud has occurred, we are equipped to respond.
4. We can assure our key partners, stakeholders and the public that the overall response to fraud across the NHS is robust.


Exposing a Chilling Deepfake Scheme in Hong Kong

As technology rapidly progresses, the boundaries between authentic and artificial reality grow hazier. A recent incident in Hong Kong has laid bare the ominous implications of deepfake technology falling into the wrong hands, as cyber criminals orchestrated an audacious fraud with severe consequences.


The Synthetic CFO Scam

In the early weeks of February 2024, a company was the victim of an elaborate deception aimed at its financial division. The fraudsters exploited state-of-the-art AI deepfake capabilities to digitally reconstruct the company’s Chief Financial Officer (CFO), issuing bogus money transfer orders. The fabrication was so convincing it bypassed conventional safeguards, resulting in a multi-million dollar unauthorised offshore payment from the victimised firm.

The perpetrators painstakingly employed AI to digitally clone the CFO, replicating his voice, visage, and mannerisms with high levels of accuracy. Such was the precision of the forgery that employees could not discern the false from the genuine as the deepfake commanded an “urgent and confidential” $25 million remittance overseas. The hoax banked on the psychological principle that staff will comply with seemingly legitimate instructions from leadership.

Reverberating Fallout

This cyberfraud has sent shockwaves rippling through Hong Kong’s corporate sphere and beyond. The targeted company suffered major financial injury and endured severe reputational damage upon the incident’s disclosure. It exemplifies how cyber threats now fuse technological trickery with psychological exploitation to devastating effect.

Fortifying Defenses

As deepfake technology grows more sophisticated, public and private entities alike must fortify their vigilance. Protective countermeasures warrant serious consideration:

• Awareness: Fostering widespread understanding of deepfake risks and the necessity of verifying all sensitive instructions, financial undertakings in particular.
• Enhanced Identity Confirmation: Instituting multi-factor authentication and stringent corroboration requirements for high-stake transactions or anomalous requests.
• AI Sentry Systems: Deploying emerging AI cyber defence systems capable of detecting deepfake artifacts and abnormal communication patterns.
• Hardened Verification Protocols: Establishing secure communication channels and rigorous approval processes for validating sensitive data before irreversible actions.

The Hong Kong deepfake scam serves as a piercing wake-up call that technological progress enables novel forms of criminal deceit. Through sustained education, advanced preventative measures, and unified vigilance, we can counter tactics like deepfake cons in the digital domain.


Uncovering a CEO Impersonation Scam Targeting NHS Organisations

CEO fraud can be characterised as a criminal masquerading as a senior organisational figure, typically the Chief Executive Officer or Director of Finance (DOF), with the intent of persuading personnel to expedite unauthorised payments.


The NHS Counter Fraud Authority (NHSCFA) is aware of numerous recent instances of CEO fraud across various NHS entities, with one culminating in an illicit gain of approximately £30,000.

Anatomy of the Fraud

The finance team receive correspondence purportedly from the organisation’s DOF, urgently requesting a substantial remittance to a designated bank account via the faster payment system. In some recent cases, including the successful £30,000 theft, the DOF had been absent from work or on annual leave, suggesting heightened vulnerability during such periods.

The fraudulent communication employed name spoofing, using the DOF’s legitimate name but an unaffiliated email address visibly unconnected to the NHS domain. The primary request was directed to the finance team’s generic mailbox, with some instances also directly addressing specific team members by name. Information inadvertently divulged through out-of-office automated replies or social media may have enabled the perpetrator to obtain finance staff identities. Social engineering tactics were then deployed to cultivate rapport and coerce payment.

The initial email omitted the purported invoice, prompting a follow-up with the attachment. This tactic could circumvent domain security measures while eliciting further staff engagement and data. The invoice itself exhibited numerous red flags. The fraudster persistently pursued payment through multiple email reminders.

Prevention Guidance

To safeguard against such fraud and bolster organisational defences, the following controls merit consideration:

• Ensure generic finance mailbox automated replies do not disclose staff contact details exploitable for social engineering attacks.
• Be wary of emails appearing to originate from genuine contacts like suppliers or internal executives.

Finance personnel should remain vigilant for red flags like:

• Subtle email/domain discrepancies
• Poor grammar/language use
• Urgency emphasised
• Unusual salutations/signatures
• References to unfamiliar individuals
• Subject irrelevant to operations
• Missing expense coding
• Persistent follow-ups

The following actions should be considered to help prevent such emails from being received:

• Implement monitoring systems for system alert messages highlighting potential fraudulent traits within emails.
• Implement relevant Standard Operating Procedures and mandated training addressing ad-hoc and expedited payment requests.
• Regularly review and clear junk mail folders of non-essential items.
• Foster cross-departmental collaboration between counter fraud, finance, and IT security to ensure teams are alerted when executives like the CEO/DOF are on leave.
• Scrutinise invoices rigorously, conducting supplier due diligence against existing records.

This could include:

• Sparse details in descriptions
• Missing purchase order numbers
• No expense coding
• Absence of company logos
• Company name discrepancies

Through awareness, vigilance and robust preventative measures, NHS organisations can fortify their defences against the pernicious threat of CEO impersonation fraud.
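The name-spoofing pattern described in this article (a senior officer's real name on an address outside the organisation's domain, sent to the finance mailbox with urgent wording, often while that officer is on leave) lends itself to an automated mail check. The Python below is an added example, not part of the original newsletter or any NHSCFA tooling; the domain, mailbox, staff name, leave status and sample messages are all constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# All values below are constructed for illustration (hypothetical trust).
TRUSTED_DOMAINS = {"nhs-trust.example"}
FINANCE_MAILBOXES = {"finance@nhs-trust.example"}
# Senior staff whose names are worth protecting, with current leave status.
PROTECTED_SENDERS = {"jane doe": {"role": "DOF", "on_leave": True}}
URGENCY_TERMS = ("urgent", "immediately", "faster payment", "asap")


def assess(raw_message):
    """Return the red flags found in one plain-text RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    external = address.rpartition("@")[2].lower() not in TRUSTED_DOMAINS
    flags = []
    # Normalise case and spacing so 'Jane  DOE' still matches the roster.
    person = PROTECTED_SENDERS.get(" ".join(display.lower().split()))
    if person and external:
        flags.append("display-name-spoof")
        if person["on_leave"]:
            flags.append("executive-on-leave")
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if external and recipients & FINANCE_MAILBOXES:
        flags.append("external-to-finance-mailbox")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(term in text for term in URGENCY_TERMS):
        flags.append("urgency-language")
    return flags


SPOOFED = """From: Jane Doe <jane.doe.office@mailbox.example>
To: finance@nhs-trust.example
Subject: Urgent payment required

Please send this by faster payment immediately. Invoice to follow.
"""
GENUINE = """From: Jane Doe <jane.doe@nhs-trust.example>
To: finance@nhs-trust.example
Subject: Budget review notes

Notes from the budget review are attached.
"""

if __name__ == "__main__":
    print(assess(SPOOFED), assess(GENUINE))
```

A message carrying the "display-name-spoof" flag is a candidate for quarantine or a banner warning before it reaches the finance mailbox; the other flags are supporting signals for triage.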


Recent Cases

GP Practice Administrator Sentenced for Prescription Fraud

A former GP Practice Administrator from Folkestone, Kent, was recently sentenced for fraudulently obtaining prescription drugs. The individual, who was employed between February 2020 and June 2023, misused their access to patient records to create unauthorised entries for the painkiller Tramadol. They would then print prescriptions and subsequently cancel the records, using both their own username and those of other staff members. The Practice Administrator collected the Tramadol from various pharmacies, fuelling an addiction to the potent opioid. In total, 232 fraudulent prescriptions were created, resulting in the acquisition of 22,252 Tramadol tablets.


The investigation revealed that the Practice Administrator abused their position to access medical records and create prescriptions for Tramadol to feed their addiction. After printing the prescriptions, they attempted to conceal their actions by cancelling and deleting the drug entries. However, audit trails exposed the full extent of the offending behaviour. A vigilant pharmacist recognised the individual as working at the GP Practice and alerted the Local Counter Fraud Team upon receiving a prescription intended for another person.

The court acknowledged that fraud investigations within the NHS are primarily funded by local NHS providers. Consequently, the sentenced Practice Administrator was ordered to complete 150 hours of unpaid work, participate in 25 days of Rehabilitation Activity, and pay £5,344 in compensation, including £4,558 towards the investigation costs.

Former GP Practice Manager Handed Three-Year Sentence for Fraud

Following an investigation conducted by NHS Counter Fraud Service (NHSCFS) Wales, a former GP Practice Manager has been sentenced to three years’ imprisonment by Swansea Crown Court for misappropriating £324,000 from the practice for personal gain. The individual had been employed at the Surgery since 2009, holding sole responsibility for the practice’s day-to-day financial operations, including payroll, locum payments, and settling supplier invoices. At the time of their suspension in 2022, their annual salary was approximately £45,000.

The fraud came to light when financial documents surfaced at the surgery indicating a recent payment had been issued to a locum doctor who had not worked at the facility for several years. Alarmed by this discrepancy, one of the senior partners reported the matter to South Wales Police in March 2022, who subsequently referred it to NHSCFS Wales for comprehensive investigation. As part of the inquiry, an NHSCFS Wales Financial Investigator conducted a forensic analysis of the individual’s bank accounts, determining that the embezzled funds had been siphoned into their personal accounts and spent.

In rendering the three-year custodial sentence, the presiding Judge remarked, “The impact of this sort of fraud is varied - emotional, practical and financial.” The former GP Practice Manager had entered a guilty plea in December to one count of Fraud by Abuse of Position. The Deputy Operational Fraud Manager at NHSCFS Wales stated, “The impact of their fraudulent actions are far reaching and have had significant impact on their former employer. They abused their position and the trust of their employers and colleagues for their own personal greed.” “NHSCFS Wales will now utilise its powers under the Proceeds of Crime Act 2002 to recover the misappropriated funds and return them to the victims,” they added.

Anaesthetic Nurse Convicted for Defrauding Trust Due to Working Whilst Sick

In May 2024, an anaesthetic nurse was found guilty at Westminster Magistrates’ Court on five counts of fraud committed by working for a private agency while on sick leave from their substantive NHS role. The individual, employed as a team leader within the Trust’s operating theatres, undertook unauthorised employment during five separate periods of reported sickness absence. In doing so, they wrongfully received £18,174 in sick pay from the Trust, which additionally incurred £18,070 in costs to provide staffing cover for the shifts they had been scheduled but failed to attend. The total financial detriment to the NHS amounted to £36,244.

The court imposed a Community Order spanning 18 months, accompanied by a 7-day Rehabilitation Activity Requirement, 200 hours of unpaid work, and a directive for the defendant to compensate their employer £2,400 within 12 months. In issuing the sentence, the presiding Judge remarked, “I feel that a Community Order can be justified, albeit a high level one.” The Local Counter Fraud Specialist (LCFS) commented, “‘Working while sick’ frauds not only cause a financial loss but also, and perhaps more significantly, can impact patient care as wards are frequently unable to provide cover leaving staff short-handed. This in turn impacts upon stress levels and morale of those staff who do attend the workplace.”


Reporting Fraud

Everyone has a part to play in fighting fraud. If you work for the NHS and suspect any fraud, bribery, or corruption against the NHS, please contact your Local Counter Fraud Specialist. Alternatively, please contact the NHSCFA 24-hour reporting line by calling 0800 028 4060, or by completing the online reporting form. All reports are treated in confidence, and you have the option to remain anonymous.

0330 058 6559 scruttonbland.co.uk

@scruttonbland

0832/06/2024/MKTG
