News

A Nurse working at Addenbrooke’s Hospital in Cambridge has been sent to prison for four years and six months after admitting stealing over £100,000 from vulnerable patients.

On 11 April 2023, the UK government announced the introduction of a failure to prevent fraud offence, as part of the Economic Crime and Corporate Transparency Act. The Act received Royal Assent on 26 October 2023.

The NHS Counter Fraud Authority (NHSCFA) have now provided guidance relating to the new Act, detailing areas for consideration.

It should be noted that the law applies to all UK business that meet the required criteria (any two of: >250 employees, > £36 million turnover, >£18m on the balance sheet). While NHS organisations will be covered by the new Act, most might be less vulnerable to such a charge, providing they work in accordance with the anti-fraud bribery and corruption framework set out in the Government Functional Standard: Counter Fraud (GovS 013), and in compliance with anti-fraud guidance set out by the NHSCFA.

Much of the guidance is written in respect of companies that defraud customers, which would not normally apply to the NHS.

The new law mirrors the corporate “Failure to Prevent Bribery” offence that was introduced as part of the Bribery Act 2010.

A senior Nurse from St Thomas’ Hospital has been struck off by the Nursing and Midwifery Council after using patient’s names to falsely book over £5,000 of taxi travel during the pandemic.

A hospital consultant has been sentenced at Kingston Crown Court after admitting a £50,000 timesheet fraud while working as a locum at Kingston Hospital NHS Foundation Trust.

We would like to wish everyone a happy and healthy holiday and New Year period and thank you all for your assistance in helping reduce fraud against the NHS this year.

Please remember that instances of attempted fraud (targeting you both at home and at work) rise at holiday times with fraudsters seeking to take advantage of changed circumstances. Please remain vigilant at work for anything that doesn’t seem right and remember that you can report any concerns, confidentially, to your Local Counter Fraud Specialist.

Please also take care at home – there are many ways that we can be targeted by fraudsters at home, you can protect yourself by reading our advice on personal fraud.

Stay safe and enjoy the festivities,

Your Fraud Team.

Statistics show that reported instances of attempted Mandate and CEO Fraud rise significantly over the Christmas and New Year period, with criminals seeking to exploit understaffed departments and NHS employees working under additional pressure.

Mandate Fraud (also known as Payment Diversion Fraud) is a type of impersonation fraud where an employee receives fraudulent correspondence purporting to be from an existing supplier, requesting that the banking information for that supplier is changed. Lookalike or hacked email accounts can be used.

If the request is processed, the next legitimate payment due to that supplier will be diverted into the fraudster’s bank account. Sometimes the fraudster might first contact an employee responsible for finances and request that contact information for the supplier is changed, so, when a Mandate Fraud is attempted later, checks to confirm whether the request is legitimate are diverted to the criminal.

In both cases, once a payment is made, the money is rapidly moved through a series of ‘mule’ accounts which are then shut down making quick tracing and recovery almost impossible.

Salary Diversion Fraud occurs when an existing employee is impersonated and a request to change banking details for their salary payments is made to the Human Resources or Payroll Departments.

CEO Fraud occurs when the fraudster impersonates the organisation’s Chief Executive Officer or another director and contacts a Finance employee, normally using a hacked or lookalike email account, asking for an urgent transfer of funds or the purchase of vouchers.

All Finance, Payroll, Procurement and Human Resources employees should be reminded of the increased risk over the holiday period.

Staff should remain vigilant against:

• any request for a change in a supplier’s or banking or contact details,
• any request for a change in an employee’s banking or contact details,
• any request apparently from a director requesting that an unusual urgent financial transaction is undertaken.

All such requests should be treated with extreme caution and should not be processed until confirmed as genuine by verifying the request with a confirmed contact through already established or independently obtained contact details. 

All staff should remain aware that emails can be easily hacked or spoofed and requests for changes should always be treated with suspicion. Links and attachments in emails from unexpected sources should never be opened.

All organisations should encourage staff to self-enrol their NHS email accounts with multi-factor authentication as a priority if not already configured. Further details for NHS mail accounts are available here.

Anyone that suspects that their email account has been hacked or spoofed should report the matter to the IT Department and immediately change their password.

Further advice on cybercrime can be found here.

Any incidents or concerns should be reported to your Local Counter Fraud Specialist.

The Fraud and Security Management Service has been shortlisted in two categories as part of the Public Sector Counter Fraud Awards, 2024.

They are one of five nominees shortlisted for the award Innovation in Fraud Prevention and are the only NHS nominee to reach the final five. They are also one of just two nominees shortlisted for the Outstanding NHS Initiative award.

The award results will be announced at a ceremony on 22 February 2024 in London.

Samantha Willoughby, Head of the Fraud and Security Management Service, said, “I am delighted that the outstanding work delivered by our team has been recognised by a team of experts. I am also enormously proud that, despite huge competition – with 90 submissions being made by fraud teams and experts from across the whole public sector, we were the only NHS local service to be shortlisted for the award in one category, and one of only two shortlisted in the other.

“It is rewarding that our efforts have been appreciated and this recognition will only serve to further increase our determination to minimise the impact of fraud and corruption upon the NHS.”

A Southampton man has been jailed for two and a half years after admitting the theft of large quantities of drugs from the Hospital that employed him.

Paul Winwright appeared at Southampton Crown Court in November 2023 for sentencing having previously admitted offences of theft from employer and non dwelling burglary.

November 12 – 18th 2023 is International Fraud Awareness Week. There is information on the International Fraud Awareness Week website and also on the NHS Counter Fraud Authority webpages.

Samantha Willoughby, Head of the Fraud and Security Management Service, said, “While we strive to keep NHS organisations fraud-aware all year round, Fraud Awareness Week is a great opportunity to further reach out to staff and remind them of the importance of helping us to reduce fraud and corruption in the NHS.

“Our dedicated team of highly experienced Local Counter Fraud Specialists are on hand to provide training, advice and, if necessary, to investigate any concerns that you may have. Any suspicions of suspected fraud or corruption should be reported, in confidence, to your nominated Local Counter Fraud Specialist. Alternatively, reports can be made to the NHS Counter Fraud Authority. All reports are treated in confidence.

“In the past two years in Hampshire and the Isle of Wight we have identified frauds with a value of over £1.3 million. We have prevented attempted frauds totalling over £840,000.00 and have recovered £1,149,011.21. All recovered money is returned to the health body affected so it can be used for the provision of better patient care.”

The new series of Fraud Squad on BBC1 features a number of NHS fraud cases, including a local case dealt with by the Fraud and Security Management Service.

Episode eight of the current series (series five) features the story of the local GP who was jailed after gambling over a £1 million of NHS money.

You can catch Fraud Squad on BBC1 on iPlayer.

Note – although not mentioned in the programme, the case was a joint NHS fraud / Police investigation, and the interview under caution was conducted by two NHS Local Counter Fraud Specialists from the Fraud and Security Management Service.

A senior NHS manager working for NHS Harrow Clinical Commissioning Group has been sentenced to three years and eight months imprisonment after pleading guilty to a £560,000 fraud. The court heard that the manager managed a team of staff within a CCG and had authority to sign off invoices up to a value of £50,000.

Between August 2018 and December 2020, he authorised and approved fake invoices for payment totalling £564,484.80. These were paid into a bank account registered to himself. He was the sole approver for all invoices submitted, and no services were delivered, or work conducted for the CCG by that company.

Sentencing him to three years and eight months in prison Judge Vanessa Francis said: “You have worked in the NHS all your life, you are clearly someone who clearly cares deeply about helping others. Yet you used the system to systematically defraud the local authority who had employed you to the tune in total of over £565,000.

“For an NHS department already in deficit, what you did was take away the opportunity for people to be treated, for people to be helped and get what they needed. It meant in practical terms the vulnerable people who needed care did not get as much care as they needed, and you are responsible for that.

“You abused the position of responsibility that you were given and in a relatively planned and sophisticated way.”

The Fraud and Security Management Service have seen an increase in reports of phishing email, particularly those that purport to be from your email client or ESR.

We would remind everyone that you should never follow links or click on attachments in emails from unexpected senders.

Those that respond to requests to “update their ESR information” (or similar) may give a criminal access to their ESR account, allowing the fraudster to change banking details and divert salary payments.

Further information on cyber crime and fraudulent email is available on this website under the fraud menu.

Action Fraud report that large community and religious WhatsApp groups are being targeted by scammers who infiltrate them to try and deceive their members into sending them money. Since January of this year, 268 people have reported falling victim to this scam.

The fraud often begins when a member of the group receives a WhatsApp audio call from the fraudster, pretending to be a member of the group. This is done to gain the individual’s trust, and often the scammer will use a false profile picture and / or display name, so at first glance it would appear to be a genuine member of the group.

The fraudster will then call the victim and say they are sending a one-time passcode which will allow them to join an upcoming video call for group members. The scammer then asks the victim to share this passcode with them so they can be “registered” for the video call. What’s really happening is that the scammer is asking for a registration code to register the victim’s WhatsApp account to a new device where they then “port” their WhatsApp profile over.

Once the fraudster has access to the victim’s WhatsApp account, they will enable two-step verification which makes it impossible for the victim to access their account. The scammer will then message other members of the group, or friends and family in the victim’s contacts, asking them to transfer money urgently as they are in desperate need of help.

Oliver Shaw, Detective Chief Superintendent and Head of Action Fraud and the National Fraud Intelligence Bureau (NFIB) said:

“WhatsApp continues to be a popular platform for community and religious groups, but sadly also for fraudsters. Here, the scammers rely on the goodwill of group members and their intrinsic desire to help others in distress.

“We urge people always to be wary when receiving contact via WhatsApp or other messaging platforms. This is particularly the case when being asked to provide account information – despite the fact that you may recognise the individual’s profile picture and / or name.

“Never share your account information with anyone, and if you think it’s a fraudulent approach, report the message and block the sender within WhatsApp. To make your account more secure, we advise setting up two-step verification to provide an extra layer of protection. This makes it increasingly more difficult for fraudsters to gain access to somebody else’s WhatsApp account”.

Action Fraud indicate that victims targeted by this scam are often part of large WhatsApp community, alumni and academic, work groups, and religious groups (such as church or prayer groups).

What can you do to avoid being a victim?

•  Never share your account’s two-factor authentication (2FA) code (that’s the six-digit code you receive via SMS).

•  Set up two-step verification to give an extra layer of protection to your account. Tap Settings > Account >Two-step verification > Enable.

•  THINK. CALL. If a family member or friend makes an unusual request on WhatsApp, always call the person to confirm their identity.

•  You can report spam messages or block a sender within WhatsApp. Press and hold on the message bubble, select ‘Report’ and then follow the instructions.

The NHS Counter Fraud Authority have published their Annual Report 2022-2023.

We are pleased to report that Colin Edwards (Fraud Specialist from the Fraud and Security Management Service) and his team are three days into their charity cycle ride, and are doing well.

Colin and his friends are aiming to cycle from Hayling Island to Paris and back in just a week.

They are progressing as scheduled and the weather has been largely kind to them so far, being neither too hot nor too wet.

Colin, a keen cyclist, is raising money for the Solent NHS Trust Charity and donations can still be made on Colin’s Just Giving page.

The first NHS Counter Fraud Conference was held in London in May 2023.

With more than 250 delegates, the conference brought together counter fraud professionals from all parts of the healthcare sector. Its aim was to foster learning, discussion, and collaboration across the different parts of the NHS and to strengthen the response to fraud and building awareness.

The event welcomed experts from NHS Counter Fraud Authority, the newly established Public Sector Fraud Authority, NHS Counter Fraud Services Scotland, NHS Counter Fraud Wales, and Counter Fraud professionals from NHS Trusts and Integrated Care Boards who discussed topics such as data sharing and insider fraud and different detection and prevention tactics.

Colin Edwards represented the Fraud and Security Management Team at the conference and was part of a panel that responded to questions from the audience and offered insightful tips on ways to effectively measure the financial and non-financial impacts of counter fraud controls. Colin offered practical ideas on how practitioners can work collaboratively with policy leads to integrate counter fraud measures into policy from the planning stage.

A recording of Colin and the panel can be found here.

The NHS Counter Fraud Authority have launched their strategy for 2023-2026.

The strategy details the NHS Counter Fraud Authority’s planned response to counter the ever-changing risk of fraud, bribery and corruption in the NHS.

Operation Cavell was introduced by police forces across the UK prior to the introduction of the Assault Emergency Worker offence 2018 and the National Joint Agreement on Offences Against Emergency Workers 2020. The legislation provides clear direction on the definition of an Emergency Worker which is much wider in scope than might previously have been considered. The Joint Agreement provides a broad framework to ensure the more effective investigation and prosecution of cases where emergency workers are victims of a crime while undertaking their duties.

A former Theatre Manager at St Albans City Hospital Trust has been sentenced to 11 years in prison having been found guilty of six offences under the Theft, Fraud and Bribery Acts in March this year.

A Chief Executive Officer of Implants International and Xtremity Solutions Ltd (both of which were companies supplying medical equipment to the Hospital) was sentenced to 28 months in prison having been found guilty of one charge of bribing the Theatre Manager

A Director of TSI Med Ltd. had already pleaded guilty to one charge of bribing the Theatre Manager prior to the trial opening and was sentenced to 18 months in prison suspended for 18 months and 200 hours of unpaid work.

The investigation was undertaken by the CFA, with the prosecution led by the Crown Prosecution Service, with the total value of all offences being more than £600,000.

Colin Edwards, an LCFS from the Fraud and Security Management Service will be embarking on a mamouth 400 mile cycling trip from Hayling Island to Paris and back in July to raise money for an NHS Mental Health charity.

Coverage of the story by Portsmouth News can be read here.

Donations can be made on Colin’s Just Giving page.

A Trust employee has resigned immediately before a disciplinary hearing, after an investigation by the LCFS confirmed that they had attempted to defraud their employer’s Cost of Living Hardship Scheme.

The scheme had been set up to support staff in financial hardship during the cost of living crisis, and enabled them to apply for one-off grants to assist with emergency unforseen expenses, such as a broken boiler or car repair. Applications were considered by a committee chaired by an Assistant Director, and payments were awarded from existing charitable funds. The individual had made an application, but when asked for supporting paperwork to show the estimated cost of repairs they forged a quote and submitted it in support of the application.

An investigation by the LCFS confirmed that the paperwork was false and internal disciplinary proceedings were taken, led by the Human Resources Department.

A diciplinary hearing was scheduled, but the subject resigned before it was held.

The investigating LCFS, said, “This individual was extremely foolish. They attempted to defraud a scheme set up by the Trust to help staff who were genuinely in need. Had they been successful they would have been taking money away from other honest, hardworking NHS employees that may have needed the scheme. This action shows that every instance of suspected fraud is investigated and is taken seriously by the NHS.”

The BBC report that a major cyber-crime website has been shut down following a large international Police operation.

The website contained victim’s personal data for sale, often at less than $1 a time, placing them at risk of cyber-crime such as identity or banking fraud. Unusually, the site was situated both on the ‘dark web’ and the ‘open web’, as opposed to just on the ‘dark web’ as would be more normal.

Globally 200 searches were carried out and 120 people were detained.

A woman that forged a medical degree and worked in multiple roles in the NHS for over twenty years has been jailed for seven years. She had denied the charges against her but a jury found her guilty of of 13 counts of fraud, three of obtaining a pecuniary advantage by deception, two of forgery and two of using a false instrument.

In 2018 the woman had previously been convicted and sentenced to five years inprisonment after attempting to forge the will and powers of attorney of an elderly widow who had been one of her patients.

Read full details here.

The Police have issued the following advice regarding fraud trends this winter and Christmas.

Energy Rebate Scams
Criminals continue to seek opportunities to exploit vulnerable individuals during the economic crisis facing the UK. It is noted that energy rebate scams continue to be a popular method of defrauding victims looking to save some money on bills. Offenders are sending out SMS messages, purporting to be from the Government, advising recipients that they are eligible for discounted energy bills under the Energy Bill Support Scheme, however, to receive their discount/rebate they will need to apply on the link provided. This link is of course, malicious and seeks to harvest personal and financial information.

Supermarket Gift Card Scam
A large phishing campaign has been circulated where offenders purport to be popular supermarket chains. The scam offers recipients a gift card voucher if they complete on online
survey. There is a link included within the email for victims to use to claim their gift card. The purpose of this exercise is to provide fraudsters with personal and financial information. Scams such as this one will continue to become increasingly appealing to the public as many struggle with rising costs across food items.

Banking / Police Impersonation Fraud
Victims are being contacted by fraudsters, purporting to be from a bank and are advising that they need to get the victims card blocked. The victims are then subsequently advised to withdraw large sums of cash from an ATM and that a taxi would attend the home address to collect monies along with the bank card. The victim is told to remove a portion of the money to give to the taxi driver and that they are not allowed to speak with the driver. In addition, victims are told that the job is confidential or a “hush job” and therefore they should refrain from speaking to anyone else about the event. This is a tactic that criminals use to isolate the victim.

Similarly, another MO of interest was identified where victims received a call and were advised that they were being contacted by the Fraud Investigation Department. They were advised that they were part of an ongoing investigation into fraud involving banks across their specific area. The victim was instructed to attend the bank and withdraw a large sum on money. The fraudsters call the victim a cab to ensure that they are going to the bank, and they remain on the phone with the victim the entire time, even when the handset is placed in a bag.
The victim then returns home and hands over the money to a courier, who provides them with a passcode. The victim is subsequently informed that the notes are counterfeit and therefore is instructed to complete several additional tasks to safeguard their funds, including transferring a total to an account that the scammers had advised was with the Bank of England. The victim was told, like the above, that they were not to disclose this with any friends or family. A new threat actor then contacted the victim to advise that they were taking over the case as part of the Serious Fraud Investigation Office. They then instruct the victim to complete more money transfers and withdrawals.

Christmas Criminals Awareness Campaign
As we head into the festive season, online shoppers are being warned about the dangers of seasonal scammers. A Cyber Aware campaign, from National Cyber Security Campaign, is being promoted to help inform and remind shoppers to bolster their cyber security and remain cautious of potential scams. The same period last year (Nov 2021 – Jan 2022) saw consumers lose a total of £15.3 billion, with each victim losing, on average, £1,000. The age group noted as being most at risk was those between the ages of 19-25 years old.
As many take to online platforms to purchase gifts or even to bag a bargain during Black Friday deals, this will continue to be a time period which many cyber-scammers look to exploit heightened online shopping habits.

Christmas time sees an increase in attempted frauds, organisations will be targeted as they may be short staffed and therefore less vigilant, and you may be targeted at home too; so remember to question every contact via post, text, telephone or email asking you to do something unusual.

If you are partying, make sure that your friends and relatives know where you are and that you have made arrangements to get home safely.

There is lots of advice on staying safe on this website, a few minutes browsing could save you an awful lot of money or aggravation.

November 13th – 19th is International Fraud Awareness Week. Look out for messages from your Communications Team promoting the week and sharing useful information on how to protect yourself and the NHS from fraud.

Should you need any help or advice, or if you want to report a concern of suspected fraud affecting the NHS, you should contact your Local Counter Fraud Specialist. All contact is treated in the strictest confidence.

A recent report led by the NHS Counter Fraud Authority (NHSCFA) on local NHS healthcare spend during the COVID-19 pandemic has identified that good practice across NHS procurement saved millions of pounds during this unprecedented and challenging time.

An NHS boss that lied to obtain positions that saw him earn £643,602.91 has been ordered by the Supreme Court to repay £96,000.

Barclays Bank have revealed the common tactics used by scammers in order to manipulate their victims.

The BBC report that under 35’s are the key target group for organised criminals using the WhatsApp messaging application to commit fraud.

A Hampshire Health Care Support Worker has been prosecuted after stealing and using a patient’s bank card without permission while working at a local hospital.

The offence was identified by the Trust’s Local Counter Fraud Specialist who liaised with the Police and assisted with the investigation. Nahima Begum from Southsea, Hampshire, pleaded guilty to a charge of Fraud by False Representation at Portsmouth Magistrates Court. She was sentenced to a Community Order requiring her to complete 160 hours unpaid work. She was also ordered to pay £85 prosecution costs, a £95 surcharge fee and compensation to the victim.

Begum no longer works for the Trust where she had been employed.

The BBC report that a huge dark net site, descibed as a “bastion of cyber crime”, has been shut down.

The Centre for the Protection of National Infastructure (CPNI) have produced a short film which introduces the quick actions a member of staff within a small business can take to lockdown their premises during a terrorist incident. These principles can be applied across many types of locations and ultimately acting fast can save lives. Further information can be found on the CPNI website.

The video can be viewed here.

2021 has been a challenging year, we would like to extend our thanks and best wishes to everyone in the NHS for the remarkable job you have all done this year.

Please remember that while we may stop for a few days for some well earned rest over the Christmas holidays, the fraudsters never take a break and we must always stay on our guard to protect the NHS, ourselves and our families.

For a moment of light relief, we frequently warn that fraudsters are often highly organised and intelligent. However this isn’t always the case, as demonstrated in this story where two criminals were denied a £4 million lottery scratchcard jackpot as they bought the scratchcard with a stolen debit card. It’s good to see that there is some karma in the world!

We are sending our best wishes to you all and hope you all have a happy and healthy Christmas and New Year.

From your fraud and security management team.

Counter Terrorism Policing UK have released a video giving advice on providing first aid in the event of a terrorist attack. It reinforces the ‘Run, Tell, Hide’ message. It isn’t long, watching it may save lives.

The BBC report that the government are to introduce mandatory life sentences for anyone convicted of killing an emergency service worker. This change comes after months of campaigning by Lissie Harper, the widow of P.C. Andrew Harper, who was killed while on duty in 2019.

It has been reported both locally and nationally that the recent difficulties faced by the NHS have seen an increase in reports of violence and aggression towards staff,.

Another local report can be seen here.

For help and advice on staying safe at work see our security advice, or contact your Local Security Management Specialist.

A local Hampshire hospital recently foiled an attempt by organised fraudsters to change the banking details for an existing supplier.

The fraudsters had hacked into an email account of the supplier and then continued an existing email conversation between the supplier and the Trust’s Finance Department. The fraudsters sent a series of messages culminating with the request to change the supplier’s banking details. Had the request been processed, the next payment of over £176,000 that was due to the supplier would have been diverted to an account run by the criminals.

Thankfully the Finance team had recieved training from the Local Counter Fraud Specialist and took the correct action upon receiving the request, the details were not changed and no money was lost.

This is a common fraud known as ‘Mandate Fraud’ and large organisations are targetted frequently. It is important that ANY request to change the banking or contact details held for an existing supplier is treated with extreme caution and the request is double-checked with a known contact at that supplier, contacted via an extablished and confirmed telephone number.

For more advice, contact your Local Counter Fraud Specialist, or you can watch this awareness video.

A GP Practice Manager who abused his position to obtain drugs by deception has been given a Police Conditional Caution following a criminal investigation which spanned the South East, South West and London regions, undertaken by a Local Counter Fraud Specialist from the Fraud and Security Management Service.

The investigation proved that the Practice Manager had committed fraud offences with at least four General Practices, by accessing patient systems and creating false prescriptions for his own use.

116 false prescriptions were found whereby a doctor’s signature had been falsified in order to obtain medication that would not have otherwise been prescribed and dispensed. This caused a loss from the NHS Clinical Commissioning Group’s (CCG’s) prescribing budget. The Practice Manager was subsequently dismissed from their employment with a General Practice in the South West region.

After the ex-Practice Manager absconded from the Hampshire area, they were traced and interviewed under caution at Trinity Road Police Station, Bristol, on 19 August 2021, when they admitted the fraud offences.

A decision was made with Avon and Somerset Police to issue a formal Police Conditional Caution, which the ex-Practice Manager accepted on 19 October 2021. The conditions imposed were that the individual was required to report any future work in the NHS; that they pay £500 compensation to the CCG and they provide letters of apology to each of the General Practices affected.

The Police Conditional Caution is a criminal record held on the Police National Computer.

November 14th – 20th is International Fraud Awareness Week.

The NHS Counter Fraud Authority estimates that fraud and corruption costs the NHS up to £1.21 Billion a year. It is important that we continue to raise awareness of the fraud issues that might affect us at work.

To support International Fraud Awareness Week your Communications Team will be circulating a number of fraud-awareness messages on your Intranet pages and via your organisation’s social media accounts. These messages are designed to raise awareness and help keep you and the NHS safe from fraud. Look out for them, they only take a couple of minutes to read and could prevent losses of thousands of pounds.

The International Fraud Awareness Week website has a useful downloadable document providing more generic information on fighting business fraud; you can access it by clicking the image to the right. While this is an American publication, most of the advice is still relevant to us.

Frauds affecting the NHS could be committed by:

Patients:
– obtaining treatment in false names to obtain additional drugs or avoid NHS charges
– altering prescriptions to obtain additional medication

Employees and contractors:
– working for another employer whilst receiving NHS sickness pay
– manipulating and abusing NHS accounts or credit cards for personal use
– submitting false claims for hours worked or expenses
– job applicants falsifying qualifications or references
– abusing trust to defraud the finances of a patient

External:
– phishing email
– emails impersonating Directors requesting financial transactions
– emails impersonating other organisations or staff requesting the bank details are changed to divert legitimate payments to the fraudster
– cyber ransomware attacks on I.T. infastructure

We rely on the honest majority in the NHS to help root out the dishonest few. Your Local Counter Fraud Specialist works for you and your organisation to reduce the impact of fraud and keep NHS money in our budgets. This year in the Hampshire and Isle of Wight area the Fraud and Security Management Service has identified frauds with a value of over £1,118,000 and our work has prevented further fraud losses totalling over £353,000. Over £240,000 has been recovered during the year to date.

If you have any questions about fraud in the NHS, or if you would like to report a concern, you should contact your Local Counter Fraud Specialist

Further information is also available from the NHS Counter Fraud Authority.

A Portsmouth GP has been sent to prision for three years and four months after admitting the theft of £1.1 million to feed a gambling addiction.

The NHS Counter Fraud Authority have given the case national coverage and Richard Rippin, Head of Operations at the NHS Counter Fraud Authority has commended the: “excellent work undertaken by the Fraud and Security Management Service”.

A Portsmouth GP who embezzeled £1.13 Million of NHS money has pleaded guilty to one charge of fraud at Portsmouth Magistrates Court.

Full story here.

The BBC report that Stephen day, a 51 year old accountant from Perthshire, Scotland, has been jailed for 11 years and 5 months for: “industrial scale dishonesty”, which defrauded firms and the NHS of £1.4 million. Among the various offences that Day admitted, the court heard that he had held three full time NHS Director posts with different organisations simultaneously, hiding each from the others and earning over £2,000 a day.

Meanwhile, in June a former NHS I.T. Manager at what was Mid Essex Hospital Trust (including Broomfield Hospital) was imprisoned for 5 years and 4 months after admitting two counts of fraud by false representation and defrauding the NHS and HMRC out of £800,000. The case was brought following an investigation and financial investigation work by the NHS Counter Fraud Authority, working closely with the Trust’s Local Counter Fraud Specialist and HMRC.

The NHS Counter Fraud Authority have published their 2020 – 2023 Strategy.

The strategy explains how they intend to use their resources and
commitment over the three year period (2020-2023) in the fight against NHS fraud.

It can be viewed by clicking on the image.

It has been reported that staff at the Queen Alexandra Hospital in Portsmouth have suffered 190 physical attacks from patients and the public in twelve months.

Queen Alexandra Hospital

It has been reported that Portsmouth Police have fined a social media user who had posted photos of Queen Alexandra Hospital and had falsely claimed that the hospital was not busy with Covid-19 patients.

Mark Cubbon, the Trust’s Chief Executive, branded the posts as disrespectful to staff working hard to look after Covid-19 patients.

The person responsible was traced and given a fixed penalty notice under the Health Protection (Coronavirus, Restrictions) Regulations 2020.

Self Assessment customers warned about scammers posing as HMRC.

HM Revenue and Customs (HMRC) have warned that Self Assessment customers should be alert to criminals claiming to be from the HMRC.

As the department issues thousands of SMS messages and emails as part of its annual Self Assessment tax return push, HMRC is warning customers completing their returns to take care to avoid being caught out by scammers. The annual tax return deadline is on 31 January 2021.

The department knows that fraudsters use calls, emails or texts to contact customers. In the last 12 months, HMRC has responded to more than 846,000 referrals of suspicious HMRC contact from the public, and reported over 15,500 malicious web pages to internet service providers to be taken down. Almost 500,000 of the referrals from the public offered bogus tax rebates.

Many scams target customers to inform them of a fake ‘tax rebate’ or ‘tax refund’ they are due. The imposters use language intended to convince them to hand over personal information, including bank details, in order to claim the ‘refund’. Criminals will use this information to access customers’ bank accounts, trick them into paying fictitious tax bills, or sell on their personal information to other criminals.

HMRC’s Interim Director General for Customer Services, Karl Khan, said: “We know that criminals take advantage of the Self Assessment deadline to panic customers into sharing their personal or financial details and even paying bogus ‘tax due’.

“If someone calls, emails or texts claiming to be from HMRC, offering financial help or asking for money, it might be a scam. Please take a moment to think before parting with any private information or money.”

Pauline Smith, Head of Action Fraud, said: “Criminals are experts at impersonating organisations that we know and trust. We work closely with HMRC to raise awareness of current scams and encourage people to report any suspicious calls or messages they receive, even if they haven’t acted on them, to the relevant channels. This information is crucial in disrupting criminal activity and is already helping HMRC take down fraudulent websites being used to facilitate fraud.

“It’s important to remember if you’re contacted out the blue by someone purporting to be from HMRC asking for your personal or financial details, or offering you a tax rebate, grant or refund, this could be a scam. Do not respond, hang up the phone, and take care not to click on any links in unexpected emails or text messages. You should contact HMRC directly using a phone number you’ve used before to check if the communication you have received is genuine.

“If you’ve been the victim of fraud, contact your bank immediately and please report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040.”

Customers can report suspicious activity to HMRC at [email protected] and texts to 60599. They can also report phone scams online on GOV.UK.

HMRC is also warning the public to be aware of websites that charge for government services – such as call connection sites – that are in fact free or charged at local call rates. Other companies charge people for help getting ‘tax refunds’. One way to safely claim a tax refund for free is to log into your Personal Tax Account.

HMRC has a dedicated Customer Protection team that identifies and closes down scams but asks the public to recognise the signs to avoid becoming a victim. HMRC regularly publishes examples of new scams on GOV.UK to help customers recognise phishing emails and bogus contact by email, text or phone.

Ways to spot a tax scam

It could be a scam if it:

• is unexpected
• offers a refund, tax rebate or grant
• asks for personal information like bank details
• is threatening
• tells you to transfer money.

Self Assessment customers can complete their tax return online and help and support is available on GOV.UK.

To protect against identity fraud customers must verify their identity when accessing HMRC’s online services. They must have two sources of information including:

• credit reference agency data
• tax credits
• P60/payslip
• UK Passport

The Credit Industry and Fraud Avoidance Service (CIFAS) have reported a huge rise in phishing email during 2020, with the number of incidents projected to continue to rise by 15% year on year.

A ‘phishing’ email is an email pretending to be from somewhere or someone that it is not. It prompts the user to either follow a link to a spoof website, or to click on an attachment.

The spoof website requests personal information including login information, giving the fraudster access to the account, whereas attachments are normally ‘malware’ – malicious software that the criminal wants installed on the user’s computer.

CIFAS have reported that the most commonly impersonated brands are: Amazon. PayPal, Apple, WhatsApp, Microsoft Office, Netflix and Instagram. NHS staff are frequently trageted by phishing emails spoofing NHS net (email) and ESR in an attempt to gain access to user’s accounts.

More information on dealing with email fraud is here.

A new Staff Safety page has been added to the site. The page provides staff with help and guidance to assist them in staying safe while at work and at home.

Much of the information is common sense, but it is worth a quick read through so you can make sure that you are doing all you can to reduce any risk.

The basis of the information has been provided by Hampshire Constabulary.

It has been reported that a man has been arrested on suspicion of attempted murder following an incident at the Royal Sussex County Hospital in Brighton, where a staff member was stabbed.

The Fraud and Security Management Service have been made aware of an instance of a ‘Harma Virus’ infecting a local NHS network. The virus is spread through the opening of an email attachment. Harma is a ransomware which focuses on locking all personal files on the host machine and then demands ransom payment for the decryption tool.

It is important that you do not open any attachments that you are suspicious of or that appear out of the ordinary. Be particularly suspicious of emails from people you don’t know or routinely do business with. Emails that purport to come from a known contact but are not written in their usual style can also be an indicator of a potential problem. Any suspected phishing/spam/scam emails can be reported to NHSmail directly at [email protected] by attaching the suspicious email to a new email before sending it.

If you receive any popup messages that look suspicious such as: “Your files have been encrypted” please contact your IT Service Desk immediately and power off your computer straight away.

Further information on protecting yourself against cyber-crime can be found here and advice to protect against email fraud can be found here.

The NHS Counter Fraud Authority has launched an expanded fraud reference guide which provides fraud definitions and detailed information on thirteen key areas of fraud, including case examples and preventative advice. The guide can be accessed here.

A Southsea woman has been arrested on suspicion of assault, criminal damage and a public order offence, following an incident at the Queen Alexandra Hospital Emergency Department in Portsmouth on Boxing day.

Full story here.

The Nurse attended a voluntary Interview Under Caution at Portsmouth Police Station in November 2019 and was questioned by the LCFS. They fully admitted making a false representation, contrary to the Fraud Act 2006, by dishonesty stating that they were unfit for work when in fact they had been working for another employer. 

The Nurse’s behaviour caused a £450.00 loss to the Trust, in the form of sickness salary payments that they were not entitled to. This loss does not take into account the additional staffing costs that were payable to temporary staff who provided care to vulnerable patients (over a crucial period) whilst the Nurse was absent.

It was agreed with Hampshire Police that a Conditional Caution was an appropriate sanction which would be held as a record on the Police National Computer (PNC). The subject was offered and accepted a Police Conditional Caution as an alternative to other criminal action. As a condition of this sanction the subject is required to repay the Trust the overpaid salary within 12 weeks or faces having to attend a Magistrates Court.

The Nurse no longer works for the Trust.

A former NHS Trust employee in Hampshire was given a Police Conditional Caution in December 2019, after admitting working full time as a taxi driver during a period of sickness absence from the NHS.

The matter was referred to the Local Counter Fraud Specialist after the employee had been seen driving a taxi while they were known to be absent from work. The subsequent investigation revealed that they had worked for a private taxi company throughout the sickness period, working an average of over fifty-eight hours per week.

The investigation highlighted that they had lied to their managers about the work during the absence period and again upon their return to work. The employee was interviewed under caution by the Local Counter Fraud Specialist at Southampton Central Police Station in December and admitted an offence of Fraud by False Representation. They were given the Police Caution on the condition that they repaid the fraudulently obtained sickness pay to their NHS employer, totaling £1,131.25.

A further loss of £267.39 was averted as sickness payments for the following month were frozen once details of the secondary employment were known.

A Domestic Assistant at a local Trust was issued with a Police Conditional Caution on 30th October and is facing disciplinary action after an investigation by the Local Counter Fraud Specialist (LCFS) revealed that they had continued working as a cleaner at a private organisation during a period of NHS sickness.

They admitted the offence during an interview with the LCFS at Southampton Central Police Station.

The fraud resulted in the incorrect payment of £681.97 in sickness payments and it was a condition of the Police Caution that the loss is paid back to the Trust within eight months.

Because of the prompt action taken by the LCFS and the Trust, the subject’s sickness payments were frozen the following month and a further loss of £1,406.50 was avoided.