- Posted Tuesday April 18, 2017
Working to detect and prevent fraud is sadly an everyday part of business life these days, and while GP practices might not seem like the most obvious targets for the criminals who carry out such enterprises, it's far from uncommon across the primary care sector.
Fraudulent activities come in many shapes and sizes, from the unsubtle and easy to spot through to very sophisticated techniques and technology-based attacks. They all have one thing in common however - the serious impact they could have on your practice's cashflow, operational capacity and even its future viability.
A recent report from Lloyds Bank highlighted two particular types of attack that are becoming increasingly common in primary care, both of which, reassuringly, can be addressed in advance through implementing and applying robust payment authorisation procedures.
The “CEO fraud” sees criminals hacking into or imitating the email account of a senior person within a supplier business, and requesting that an urgent and highly confidential payment is made to a specific account - it could, for example, be an email from a partner asking that additional drawings be paid into their spouse's account while they are on holiday.
The account supposedly belongs to their employer, but of course in reality, it belongs to the fraudster.
In the same vein, “Invoice fraud” involves criminals, perhaps purporting to be from firms such as pharmaceutical wholesalers, asking for drug payments to be made following the receipt of the latest flu vaccination. They may contact a practice to say that invoices for a particular supplier should now be paid into what is supposedly their new bank account, but which once again is nothing of the sort.
If practice staff follow agreed procedures around paying invoices and dealing with paperwork such as this, then both of these techniques should be detectable. This does rely though on both practices setting out the right sort of systems and those with responsibility for following them doing so precisely.
With the process of claiming and receiving NHS treatment payments becoming ever more detailed, maintaining clear oversight of practice financial and management data is also essential for ensuring nothing untoward is happening within practices' four walls.
In terms of technology threats, every organisation that uses computers and is connected to the internet is at risk of cyber-attacks through viruses, malware and the increasingly common ransomware, which works by uploading a piece of software onto a business's computer network. This can often be through an innocent-looking email attachment which a recipient unwittingly clicks or possibly via a weak spot in the system that is being used. These attacks lock users out of their files by encrypting them, before the criminals behind the attack then make a demand a payment for removing the programme.
Recent industry research found that almost two thirds (63%) of small businesses suffered a malware infection in 2015, compared to 45% the year before. Meanwhile, the number that had suffered online attacks by 'unauthorised outsiders' has risen from 33% to 38% over the same period.
Once again, taking a proactive approach to addressing these types of risks is essential.
No business can make itself entirely safe from the fraudulent actions of others, but doing all that you can to make your operations as watertight as possible should be the approach that responsible primary care practices take.
Specialist medical accountants at RMT offer medical professionals advice and guidance that is tailored to the unique monetary and legislative environment in which healthcare industry workers live. For more information visit their website.