Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Welcome to the
Winter/Spring Edition
of Fraudulent Times.
This newsletter is designed to highlight areas of fraud within the NHS and to help you understand why we need to combat it effectively. By raising awareness of fraud cases it will help you to identify what fraud is and where it is most likely to occur. As always, I hope that you will find our newsletter a useful and interesting read. We value feedback on the content so if you have any comments or suggestions for topics in future editions please email these to us at the address at the bottom of the page. Penny Gee Assistant Director Anti-Crime Services 360 Assurance If you wish to report any concerns regarding fraud, bribery or corruption, please contact a member of our team (details can be found on the back page) or ring our fraud, bribery and corruption reporting line 0116 225 6121 or the NHS Protect Reporting Line on 0800 028 4060.
FraudulentFraudulent TimesTimes I ssue 36, Wi n ter / Spr ing
2016 /17
A newsletter from your Counter Fraud Specialist
Inside this issue...
T wo respected mental health professionals have been revealed as fraudsters after being investigated by NHS
Protect. Lisa Hill (55) and Dr Ian Walton (59) pleaded guilty to Fraud (Contrary to Section 2 of the Fraud Act 2006) for defrauding their former employer, Sandwell and West Birmingham Clinical Commissioning Group (SWBCCG), of £153,600. At the time of the offence, Hill was a Senior Commissioning Manager for Mental Health and a registered nurse, while Walton was a GP and clinical lead for Mental Health. They have each been sentenced to two years’ imprisonment, suspended for two years, plus 200 hours of unpaid work. Under a Proceeds of Crime Act (POCA) order made at the court, they must pay back the full amount of £153,600 in compensation (half each) within three months plus £7,500 each in prosecution costs. As well as their NHS roles, they were both trustees of a charity called Primary Care Mental Health and Education (PRIMHE), and Hill and Walton delivered training in their private capacities under the charity name, attracting students from all over the UK. In 2012, Sandwell and West Birmingham NHS Primary Care Trust (S&WB PCT) was coming to an end, being succeeded by the clinical commissioning group (SWBCCG). For a time, commissioners could apply for special ‘Innovations’ funding for schemes that improved quality of service to the public, by submitting business cases. But in December 2012, when Sandwell & West Birmingham PCT was in effect the SWBCCG in (continued on page 2)
© 360 Assurance, 2015. All rights reserved.
P2
P3
P3
P4
P5
P5
P6
The National Fraud Initiative
Lancashire Consultant Radiologist
pleads guilty to £24,000 NHS Fraud
NHS Protect Self-Assessment
Review Toolkit
Spotlight on Cyber Crime!
Scam Updates
Team News
ACS Contacts
FraudulentFraudulent TimesTimes
(continued from front page) shadow form, it was made known that this funding was no longer available as it was needed to ease ‘Winter Pressures’, the seasonal surge in demand for NHS services, including hospital admissions of vulnerable and elderly people. Knowing very well that the ‘Innovations’ funding had already been withdrawn, Hill and Walton still tried their luck and falsely submitted an invoice for £153,600 to SWBCCG, in the name of their PRIMHE charity. The money was signed off in error by a senior member of SWBCCG’s finance department, and duly arrived in the charity’s bank account. At this point Hill and Walton took advantage of their access as trustees and transferred 95% of it to a bank account under their control, held by a company registered to them called Walton Hill Associates. A colleague of Hill suspected fraud and raised the alarm with senior staff. With the full cooperation of Sandwell & West Birmingham CCG, NHS Protect mounted an investigation. The investigation revealed the high professional reputation and good connections of Walton and Hill. For example, they had negotiated contracts with Staffordshire University and Birmingham City University to get their training programmes accredited and had sought accreditation by the Royal College of General Practitioners (RCGP). They were also receiving payment as lecturers from Birmingham City University because of their expertise in mental health. The arrangement was that staff of Sandwell & West Birmingham CCG member practices would have their training paid for by the CCG as a commissioner. This meant it was in Lisa Hill’s financial interests to authorise the students to attend courses she was being paid to lecture on, and it emerged that some of these students should not have been funded by SWBCCG. This was another aspect of Hill’s abuse of trust. In 2012, when he was Chair of the Black Country Local Commissioning Group, Walton was named Clinical Leader of the Year at the National Association of Primary Care Commissioning (NAPC) Visions Awards, presented by Practical Commissioning Magazine. The awards “recognised the hard work of clinical commissioners, and what they have achieved through service redesign.” His work with the Primary Care Mental Health and Wellbeing Service was highlighted in October 2011. Hill and Walton are also known to have created a further company in order to deliver training to students, Top of The World Training Ltd (NHS Protect, 21 December 2016).
The National Fraud Initiative
Since 1996, the Audit Commission and more recently the Cabinet Office
have run the National Fraud Initiative (NFI). The NFI works by
cross-referencing an extensive range of data from almost 1300
organisations across the UK, bodies involved include; the NHS; police
authorities; local probation boards; fire and rescue authorities; as well as local councils and a
number of private sector organistions.
How it works;
Information held by participating bodies is shared with the Cabinet office for ‘data-matching’. This
involves comparing computer records held by one body against those held by another, to identify
any similarities. Where a match is found it can indicate any inconsistency and further
investigation is conducted by the relevant organisation, to establish whether there is any fraud,
error or other explanation.
The aim of the NFI is to ensure that, whilst upholding and protecting citizens’ rights in relation to
their personal data at all times, it continues to serve the public interest by;
Safeguarding public money against losses from fraud and corruption; and
Making an effective contribution to the wider fight against fraud.
The NFI, between 2014 and 2016, resulted in the dismissal or resignation of 52 employees that
had no right to work in the UK.
NHS Protect Self-Assessment Review Toolkit
NHS Protect leads on work to identify and tackle crime across the health service. The aim is to protect NHS staff and resources from activities that would otherwise undermine their effectiveness and their ability to meet the needs of patients and professionals. Ultimately, this helps to ensure the proper use of valuable NHS resources and a safer, more secure environment in which to deliver and receive care. Each year, health bodies across England are required submit a self-assessment of their compliance against NHS Protect Standards regarding fraud, bribery and corruption. For 2017/18, the deadline has been brought forward to 1st April 2017. Our team will therefore be completing a range of activities during February and March 2017 to ensure that we are able to aid client organisations in accurately scoring their compliance against these standards. If you are contacted by a 360 Assurance Anti-Crime Specialist during this busy period, we would be grateful if any information requests could be expedited as they may be directly related to your organisation’s self-assessment.
Did you know
FraudulentFraudulent TimesTimes
A Royal Preston Hospital doctor who defrauded the NHS of nearly £24,000 has pleaded guilty to a ‘rolled up’ charge of Fraud by False Representations. Consultant Radiologist John Coffey (53) is due to be sentenced on 3rd March. The hospital doctor was suspended and then resigned from his well-paid senior role at Lancashire Teaching Hospitals NHS Foundation Trust after being caught out. He was investigated by Local Counter Fraud Specialists, with support from the national counter-fraud body, NHS Protect. As a Consultant Radiologist, Coffey was responsible for reviewing and reporting on a variety of medical scans. He was not contracted to study plain film scans from standard x-rays as part of his job plan, but he agreed to do so at a rate of £4 per film, outside his working hours (after 5pm) to help his department to clear a ‘waiting list’ backlog. Previously, he had said he was far too busy and without any capacity for any additional duties. Once extra money was made available for the extra work, however Coffey completed most of it within his normal working hours. He effectively claimed himself an unearned, unapproved bonus at the hospital’s – and ultimately the taxpayer’s – expense. In an audacious yet simple scam, he would line up the almost-completed reports after working on them earlier in the day and wait until 5pm to re-enter the clinical IT system and hit the “submit” button. When later challenged, he tried to argue he had technically completed the work after office hours. In one day in March 2014, between 11:20am and 5pm, the consultant reviewed and reported on 100 plain film x-rays during a session when he was supposed to be doing his normal job plan work: a £400 loss to the NHS. The fraud investigation showed this was not a one-off. Coffey was routinely and consistently undertaking ‘after hours’ waiting list work during NHS contracted hours. In just over a year (between Autumn 2013 and Autumn 2014) Coffey’s series of frauds bumped up his earnings by £23,916. This breaks down to £4 each for 5,979 plain film reports he claimed for as ‘waiting list’ work that he actually undertook during his normal working day. When interviewed under caution, the consultant strenuously denied having been dishonest - but was unable to offer a good reason for entering each x-ray patient’s record once before, and once after, 5pm. Coffey stated that although he had completed the work during the day, as he hadn’t pressed the submit button until after 17:00hrs, it was not his fault if he was “efficient”. The defrauded amount has been recovered in full (NHS Protect 06 February 2017).
Lancashire Consultant Radiologist pleads guilty to £24,000 NHS fraud
FraudulentFraudulent TimesTimes
Spotlight on Cyber Crime!
With 1,000 attacks reported every hour and individual breaches costing an
average of between £65K to £115K, Cybercrime costs the UK economy over
£27bn per annum.
NHS computer systems are increasingly vulnerable to attacks by cyber-
criminals and North Lincolnshire and Goole NHS Foundation Trust was
recently forced to shut down the majority of its electronic systems and cancel
all planned operations, outpatient appointments and diagnostic procedures for
two days after a computer virus was detected.
Cybercrime is a bigger risk now than ever before due to the sheer number of
connected people and devices. It is important that all staff are aware of typical
cyber-security risks and some simple measures to ensure you do not
inadvertently fall victim or expose others to cybercrime.
What is Cybercrime? In a nutshell, it is simply a criminal act that has some kind of computer involvement and
includes traditional crimes conducted through the internet such as theft, fraud, blackmail, harassment, and
indecency.
The days of spotting a really obvious overseas banking scam are long gone! Hackers are getting more
sophisticated and will target personal greed, fear or curiosity, so it is worth repeating the reminder not to click any
links or reply to emails that are unsolicited or suspicious.
Types of Cyber Attacks:
Computer viruses are program code that has been designed to secretly copy itself into other such codes or
computer files.
Denial of service attack This is where an Internet site is
made unavailable, typically by using multiple computers to
repeatedly make requests that tie up the site and prevent it
from responding to requests from legitimate users.
Identity theft is the act of a person illegally obtaining
information about someone else such as full name, maiden
name, address, date of birth, NHS number, passwords,
phone number, e-mail, and credit card numbers.
Internet fraud Hackers are getting more sophisticated and will target personal greed, fear or curiosity.
Malware is malicious software that typically infects a computer through e-mail, websites, or attached hardware
devices such as USB keys and is designed to cause
damage without the users consent. It includes all the
different types of threats to computer safety such as
ransomware viruses, spyware, worms, trojans, and so on.
Mandate fraud is when someone gets you to change banking details by pretending to be an organisation you
make payments to, for example a business supplier.
Phishing e-mails appear to be from a reputable source and
contain either links or attachments that either take you to a
bogus website or install malware on your computer. 360
CFS have seen recent increases in these emails targeted at
specific NHS staff.
Good Practice to Help Prevent Cybercrime
Make sure you use strong passwords that you change
regularly. Don’t share these with anyone and don’t use the
same password for all your accounts.
Never reply to spam or unsolicited emails from an unknown
or untrusted sender or click on links or attachments within
them as these can often contain viruses or take you to
websites containing inappropriate material.
Never share your personal data such as bank details,
identity details or where you live with anyone that you don’t
know or can’t verify their details.
Make sure you always log off when closing down your
computer otherwise the next person to use it may already be
logged into your account.
Regularly review your privacy settings on social networking
sites so that only people you know can see your information
and photos.
When making online purchases make sure the connection is
secure by looking for the padlock icon at the top or bottom of
the internet browser. Secure web addresses should also
begin with ‘https’.
Don’t provide personal details via email. Your bank will never
ask for passwords or security codes online via email.
Be mindful that phishing emails are not usually sent to your
own name, general terms are used such as ‘Dear Customer.
They tend to request immediate action and often contain
spelling and grammatical mistakes.
Victim of cybercrime? Here’s what to do.
For advice about IT contact your organisations IT Department.
To report concerns about NHS fraud contact your Anti-Crime Specialist.
ActionFraud is the UK’s national cyber crime reporting centre—call 0300 123 2040 or report concerns online.
FraudulentFraudulent TimesTimes
SCAM UPDATES
TEAM NEWS
We have recently been successful in recruiting to the position of Anti-Crime Team Manager
within the team. Gary Roe joined us in mid January to take up this position. Gary brings with
him a wealth of experience in the role, having previously worked as a Local Counter Fraud
Specialist at 360 Assurance (and its predecessor organisation) for 7 years before taking up a
role at a provider organisation as a Compliance Manager for a period of 2 years. Gary will
operationally manage the pro-active fraud work and investigations carried out by 360 Assurance and can be
contacted on 07827 283030 or [email protected].
Medical Practices Targeted by CEO Fraud The National Fraud Intelligence Bureau (NFIB) has seen an increase in the volume of Chief Executive Officer (CEO) Fraud reports whereby medical practices are the targeted victim in recent months. How the fraud works? A medical practice is targeted by a fraudster who purports to be a senior partner (or CEO equivalent). The fraudster contacts a member of staff with responsibility for authorising financial transfers, requesting payments to be made into bank accounts under the pretence of a highly sensitive or urgent transaction. Initial contact appears to primarily be made via email from an address similar to the one the senior partner would use, although the suspect may telephone to complete the fraud if required. In addition, the fraudster may also introduce a second fraudster, who poses as a lawyer or regulator. With a strong social engineering element, the fraudster often requests that they are not contacted further by the authorising member of staff as they are busy. Alternatively the fraudster may pick occasions when the genuine senior partner is on holiday, therefore preventing the authoriser from checking the validity of the request. This type of fraud has resulted in substantial financial losses for several practices that have fallen victim. How to prevent against CEO fraud
Review internal procedures regarding how transactions are requested and approved, especially those in relation to verifying validity.
Check email addresses and telephone numbers when transactions are requested. If in doubt request clarification from an alternatively sourced email address/phone number.
Don’t be afraid to question details when being tasked to transfer money at short notice.
Payment Diversion Alert
Fraudsters are emailing members of the public who are expecting to make a payment for property repairs. The fraudsters will purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine tradesman. They will ask for funds to be transferred via bank transfer. Once payment is made the victims of the scam soon realise they have been deceived when the genuine tradesman requests payment for their services. Protect yourself
Always check the email address is exactly the same as previous correspondence with the genuine contact.
For any request of payment via email verify the validity of the request with a phone call to the person who carried out the work.
Check the email for spelling and grammar as these signs can indicate that the email is not genuine.
Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or PayPal which offer protection and an avenue for recompense.
Fake Bank Letters Scam!
Lloyds customers should be on the lookout for a new sophisticated fraud that involves fraudsters sending fake bank letters. The convincing letters being sent are a replica template from Lloyds and include their logo, address and signature from a customer service representative. The letter tells recipients that there have been some “unusual transactions” on their personal account and asks them to call a number highlighted in bold to confirm they are genuine. When victims call the number, an automated welcome message is played and the caller is asked to enter their card number, account number and sort code followed by their date of birth. Victims are then instructed to enter the first and last digit of their security number. The letters are essentially a sophisticated phishing attempt
and serve as a warning to consumers to question written correspondence from their banks. If you are ever suspicious about correspondence from your bank you should call the customer service number on the back of their payment card.
ACS Contacts
FraudulentFraudulent TimesTimes
6
Telephone: 0116 225 6121
Mobile: 07920138835
Email: [email protected]
Responsible for: Derbyshire Health United,
Nottingham CityCare Partnership CIC, Derby
Teaching Hospitals NHS Foundation Trust,
Leicester City CCG, West Leicester CCG, East
Leicester & Rutland CCG
Alex Holden Anti-Crime
Specialist
Telephone: 0115 883 5322
Mobile: 07816272666
Email: [email protected]
Responsible for: Nottingham University Hospitals
NHS Trust, East Midlands Ambulance Service
NHS Trust
Principal Anti-
CrimeSpecialist
(Notts & Derbys) Joanna Clarke
Telephone: 0115 883 5323
Mobile: 07715807250
Email: [email protected]
Responsible for: Derbyshire Community Health
Services NHS Foundation Trust, Derbyshire
Healthcare NHS Foundation Trust
Penny Gee Assistant Director
Anti-Crime Services
Telephone: 0116 225 6122
Mobile: 07920138329
Email: [email protected]
Responsible for: Leicestershire Partnership NHS
Trust. Lincolnshire Partnership NHS Foundation
Trust
Matthew Curtis
Principal Anti-
Crime Specialist
(Leics & Lincs)
Anti-Crime
Specialist Ian Morris
Telephone: 0116 225 6120
Mobile: 07920138606
Email: [email protected]
Responsible for: Nottingham North & East CCG,
Nottingham West CCG, Rushcliffe CCG, North
Derbyshire CCG, Erewash CCG, Hardwick CCG
Claire Croft
Telephone: 01709 428710
Mobile: 07920138354
Email: [email protected]
Responsible for: Barnsley Hospital NHS
Foundation Trust, Sheffield Teaching Hospitals
NHS Foundation Trust, Rotherham CCG,
Barnsley CCG
Anti-Crime
Specialist
Amanda Smith
Telephone: 01709 428701
Mobile: 07920138323
Email: [email protected]
Responsible for: Rotherham Doncaster & South
Humber NHS Foundation Trust, The Rotherham
NHS Foundation Trust, Doncaster CCG,
Bassetlaw CCG
Anti-Crime
Specialist
Telephone: 0116 225 6114
Mobile: 07976411727
Email: [email protected]
Allan Mason Deputy
Director
Telephone: 01709 428701
Mobile: 07827842964
Email: [email protected]
Responsible for: Sheffield Health and Social Care
NHS Foundation Trust, Chesterfield Royal
Hospital NHS Foundation Trust, Sheffield
Children’s NHS Foundation Trust, Sheffield CCG
Principal Anti-
Crime Specialist
(South Yorks) Robert Purseglove
Matthew Evans
Telephone: 0115 883 5321
Mobile: 07902045237
Email: [email protected]
Responsible for: Sherwood Forest Hospitals
NHS Foundation Trust, Circle Health Limited
Anti-Crime
Specialist
Anti-Crime
Specialist
Telephone: 0115 8835320
Mobile: 07920138329
Email: [email protected]
Responsible for: Nottinghamshire Healthcare
NHS Trust
Liz Coleman
Anti-Crime
Specialist Beverley Graham
Telephone: 0116 225 6112
Mobile: 07584521340
Email: [email protected]