NHS telecoms fraud survey taken on by consultancy
- 31 August 2005
An international consultancy company has stepped in to fill what it says is a hole in NHS telecommunications fraud prevention services created since the wind-up of the NHS Information Authority (NHSIA).
Steve Mason, senior consultant at Vega, previously worked in telecoms fraud prevention at the NHSIA before it was disbanded in April.
After most of the NHSIA’s responsibilities were moved to the National Programme for IT, Mason joined Vega Group and is now spearheading its newly-announced service aimed at auditing healthcare organisations’ phone services – similar work to that he originally carried out at the NHSIA.
"The security work for the IA in general was not being taken forward by the NHS," Mason told E-Health Insider. "The NHS Counter Fraud Service has plans to take it forward but has no specific date."
Mason said that in his experience, around 60% of telecommunications fraud in healthcare organisations was internal. Common instances of staff fraud include dialling 0900 numbers, signing up for billed phone information services using the hospital’s address, misuse of mobile phones, and bypassing payphone mechanisms.
Although system hacking is less common, it can prove problematic. "The other 40% comes from external attack, organised criminals," said Mason. "The reason why it’s more of a problem in government and healthcare organisations is because they are seen as a soft touch."
Proactive monitoring of the system is key, stressed Mason. "It’s down to misconfiguration of the system because of the lack of effective telecoms management. People dial certain numbers that are barred."
The consultancy being offered by Vega involves going through the bills, visiting the site and making configuration recommendations and function checks. "We go through the bills, where available," said Mason, adding: "That’s often the problem, they’re not always available." Organisations must monitor and go through their phone bills, he said.
Mason added: "The issue of telecommunication fraud and crime is something that the NHS has been acutely aware of for sometime. During my time with the NHS Information Authority this was a subject that we encouraged our trusts to take very seriously, especially in today’s environment of limited budget and efficiency drives."
One growing area of concern indirectly linked with the advent of the National Programme for IT was the area of voice over internet protocol (IP), said Mason. If a healthcare organisation uses IP telephony for its voice calls, its phone service as well as its computer infrastructure would be knocked out. "IP telephony poses a whole set of new threats into the area," said Mason.
"From the work we have done in the past, from small amont of preventative measures, much greater savings can be made," added Mason. "At the end of the day the plan is to protect the finance the we put into patient care."
A spokesperson for NHS Counter Fraud and Security Management Services told E-Health Insider that they did investigate any reports of telecommunications fraud sent to them.
"We do some kind of preventative work, such as a review of mobile phone policies in trusts," said the spokespersons. "Also, we have had a few examples of people tapping into a network and calling abroad." Although much of the work was in reaction to enquiries, the NHS CFSMS "learn from that and make sure it never happens in the NHS again".