Action to thwart fraud
By Robin Stride
Medical accountants are launching a drive to help doctor business owners protect themselves from growing numbers of fraud attacks.
Private consultants and GPs will be warned to safeguard themselves both from fraudsters outside and inside their practices.
The ‘fight fraud’ campaign swung underway after members of the Association of Independent Specialist Medical Accountants (AISMA) were presented with a dossier of fraud case histories from a top practice management consultant and a healthcare banking boss.
Their annual conference heard of eight cases where practice managers had stolen huge sums from their employer doctors – many of the victims blissfully unaware of the attacks until it was too late and they had lost six-figure sums.
One manager stole £100,000, another was jailed after a £150,000 fraud, one was imprisoned for a £250,000 theft, another for a £270,000 swindle and another was locked up for stealing £300,000.
Fiona Dalziel, of DL Practice Management Consultancy, cited instances of a manager paying herself overtime while on holidays, another signing cheques to false suppliers, and a doctor who kept payments which should have gone to all partners.
There were also cases of internal fraud where doctors decided not to go to the police because they were embarrassed, she said.
She warned that fraud was often fed by doctors’ preoccupation being focused on patients and the relief doctors felt to have someone working with them who they thought would take care of the business side of things.
Accountants were also alerted by Ian Crompton of Lloyds Bank to new types of fraud threats from outside the practice.
Mr Crompton, UK head of healthcare banking services at Lloyds, told Independent Practitioner Today: ‘As with many other sectors, medical practices need to maintain a high level of vigilance in order to spot fraudsters who continue to develop new, increasingly sophisticated tactics to steal their funds.
‘This is particularly the case with cyber fraud attacks where criminals can easily hide their identity from unsuspecting victims. “Ransomware” and “cyber extortion” are both relatively recent types of fraud seen targeting medical practices.’
Ransomware blocks or restricts access to the infected computer system. Fraudsters usually infect a victim’s PC by encrypting files on the system’s hard drive and then threaten to deny access to their data again unless a ransom is paid.
The files will be almost impossible to decrypt without paying the ransom for the encryption key and this forces many victims into paying the fraudster, usually in bitcoins which are difficult to trace.
Cyber extortion occurs when a fraudster issues a threat via online methods to a potential victim. As with Ransomware, the demand is usually aimed at forcing a payment to the fraudster in bitcoins or they will carry out their threat.
AISMA chairman Bob Senior said accountants were concerned their clients working in private practice could be hit by fraud if they failed to have proper financial controls.
He said: ‘Busy doctors under severe time pressure must resist the temptation to hand over responsibility for their business finances to a third party and simply let them get on with it.’
The body’s guide to fraud protection will include a risk management check list and model fraud policy to share with staff.
Next month: How to protect yourself against new methods targeting medical practices
- See ‘Lock out the scammers’