10 Common Scams Targeting Healthcare Workers

Written by zacamos | Published 2023/11/10
Tech Story Tags: cybersecurity | healthcare | telehealth | artificial-intelligence | phishing | social-engineering | deepfakes | healthcare-cybersecurity

TL;DR: Scammers use recent tech advancements to ramp up attacks on healthcare workers. Common attacks include recruitment scams, BEC scams, whaling, social engineering, extortion, impersonation, deepfakes, and more.

Technological advances like telehealth and artificial intelligence have made it much easier for scammers to target medical professionals successfully. Here are some of the most common scams impacting the healthcare industry.

1. Recruitment Scam

Recruitment scams typically involve a fake job posting or a cold call, where scammers offer a lucrative position. Once the victim engages, they ask for personal information like a social security number, email address, and date of birth. Since these details are standard in a new application, many medical providers don’t think twice about sending them.

The Federal Bureau of Investigation warns that recruitment scams are challenging to detect because technology has made them easier for fraudsters to pull off. For example, they can use generative AI to craft convincing emails, spoof their phone number, or mimic a real website.

Medical professionals can protect themselves from recruitment scams by paying close attention to the job listing. Any odd wording, strange language, or improper formatting should be a red flag. Further, they should contact the company separately to see if it’s legitimate.

2. Business Email Compromise Scam

A business email compromise scam is a form of phishing where scammers hand-craft an attack strategy for a single staff member. They send emails with malicious links or data requests in the hopes of accessing patient records. Although these types of messages sound easy to spot, they often seem legitimate and look harmless.

In healthcare, business email compromise scams are on the rise. In fact, their frequency increased by nearly 280% in 2022 alone. This fact is concerning, considering it only takes one person making a single misclick to cause extensive damage to an organization.

Fortunately, medical professionals can protect themselves by remaining vigilant. If they come across a seemingly routine email asking for funds, patient records, or confidential data, they should double-check the sender’s address and never click on attachments.

If they want to be sure, they can send a separate email to the alleged sender to confirm the original request.

3. Whaling

Whaling is an all-or-nothing type of phishing. In the healthcare industry, the scammer targets high-ranking medical professionals — like executive directors or chief financial officers — to maximize their payout.

Instead of sending the same copy-paste email to thousands of people in an organization, they’ll only target a select few to minimize suspicion.

Since high-ranking professionals often don’t receive standard awareness training or encounter everyday phishing attempts, they have a higher chance of becoming whaling victims. This is unfortunate, considering they often hold unique privileges over fund management or organizational records.

4. Phishing

Phishing uses emails as a medium for deception and manipulation. In this scam, the scammer aims to get valuable data, steal login credentials, or install malware. They accomplish this by sending messages with malicious links or attachments to various medical providers.

It takes only one staff member clicking a malicious email to grant the scammer access to the organization’s systems. Unfortunately, a data breach in the healthcare industry costs roughly $10 million on average. To make matters worse, traditional phishing training isn’t as effective anymore.

Historically, misspellings and improper formatting have been obvious telltale signs of phishing. However, technological advances — like generative AI — have made scam messages much more convincing. Fortunately, medical providers can watch out for strangely formulaic language and avoid clicking unknown links to protect themselves.
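The checks recommended in the business email compromise and phishing sections above (double-check the sender's address, be wary of links) can be partly automated. The following is an added example written for this page, not code from the author or from any product; the trusted domains, the two sample messages and the hostnames in them are constructed placeholders. It triages a raw email by flagging a display name that embeds a trusted address while the real sender differs, a sender or link domain that imitates a trusted one, a Reply-To that diverts replies elsewhere, and a link whose visible text names a different host than its real href.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the organisation treats as its own or as known partners (constructed placeholders).
TRUSTED_DOMAINS = {"example-hospital.org", "billing-vendor.example"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$")

# Constructed sample resembling a BEC attempt: the display name mimics a trusted address,
# the real sender uses a digit-for-letter lookalike domain, replies are redirected, and
# the link text hides the real host.
SAMPLE_EMAIL = b"""From: "Dana Lee dana.lee@example-hospital.org" <dana.lee@examp1e-hospital.org>
Reply-To: dana.lee.cfo@mail-forward.example
To: staff@example-hospital.org
Subject: Urgent wire before 3pm
Content-Type: text/html

<p>Please process the attached invoice today. Portal:
<a href="http://example-hospital.org.login-portal.example/pay">https://example-hospital.org/finance</a></p>
"""

# Constructed benign message for comparison.
CLEAN_EMAIL = b"""From: "Dana Lee" <dana.lee@example-hospital.org>
To: staff@example-hospital.org
Subject: Agenda
Content-Type: text/html

<p>Agenda is on the <a href="https://example-hospital.org/intranet">intranet</a>.</p>
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when a domain is not trusted but is built to resemble a trusted one."""
    domain = domain.lower()
    if not domain or domain in TRUSTED_DOMAINS:
        return False
    # Undo common character swaps (1 for l, 0 for o, rn for m) before comparing.
    normalised = domain.replace("1", "l").replace("0", "o").replace("rn", "m")
    for trusted in TRUSTED_DOMAINS:
        if normalised == trusted or levenshtein(domain, trusted) <= 2:
            return True
        if trusted in domain:  # trusted name buried inside an unrelated domain
            return True
    return False


def host_of(url: str) -> str:
    """Hostname of a URL or bare domain, lower-cased; empty if unparseable."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def triage(raw: bytes) -> list:
    """Return human-readable findings for a raw RFC 822 message (empty list if clean)."""
    msg = email.message_from_bytes(raw)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # 1. Display name that embeds an address different from the real sender.
    embedded = EMAIL_RE.search(display)
    if embedded and embedded.group(0).lower() != addr.lower():
        findings.append(f"display name shows {embedded.group(0)} but sender is {addr}")
    # 2. Sender domain that imitates one we trust.
    if is_lookalike(from_domain):
        findings.append(f"sender domain {from_domain} resembles a trusted domain")
    # 3. Reply-To pointing somewhere other than the sender's domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        findings.append(f"Reply-To {reply} does not match sender domain {from_domain}")

    # 4. Links whose visible text names a different host than the real href.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for href, text in ANCHOR_RE.findall(body):
        text = re.sub(r"<[^>]+>", "", text).strip()
        real = host_of(href)
        shown = host_of(text) if LOOKS_LIKE_URL.match(text) else ""
        if shown and real != shown:
            findings.append(f"link text shows {shown} but points to {real}")
        if is_lookalike(real):
            findings.append(f"link host {real} resembles a trusted domain")
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, triage(raw) or ["no findings"])
```

A real deployment would feed messages from a mail gateway or mailbox export and keep the trusted-domain list in configuration; the separate out-of-band confirmation the article recommends still applies, since a message can pass every one of these checks and still be fraudulent.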

5. Impersonation Scam

In an impersonation scam, a scammer poses as someone else to lower the victim’s guard and get what they want without raising suspicion. Usually, they pretend to be a higher-up, colleague, vendor, or authority figure. If they have enough insider information, they’ll have no trouble pulling it off.

The fraudster typically reaches out with a believable, threatening claim. For example, they might say the victim missed a court date where they were supposed to provide expert testimony. The goal is usually to get money in exchange for making the problem go away. In reality, the medical provider is in no trouble and doesn’t owe anything.

Impersonation scams are on the rise in the U.S. — so much so that multiple federal agencies have published warnings. According to a 2023 alert from the U.S. Federal Trade Commission, scammers have specifically targeted medical providers with threats of arrest and hefty fines.

6. Vishing

Vishing stands for voice phishing. Using this method, fraudsters call their target to get access to sensitive information or request fund transfers. Although many medical professionals believe they would never fall for such an obvious scam, it’s more challenging to detect than most people assume.

Scammers often spoof phone numbers so their call appears legitimate. Realistically, their chance of success increases substantially the moment their target picks up the phone. Additionally, many have also begun using generative AI to clone an individual’s voice and impersonate them.

If a medical professional gets a call from an executive’s number and the voice sounds exactly like it should, they won’t think twice about divulging sensitive information over the phone. In reality, many people fall for it. In fact, the healthcare industry experienced over 680 data breaches in 2021 alone, exposing roughly 82 million patient records.

7. Social Engineering

In a social engineering scam, the scammer creates false urgency or builds trust to make the victim feel pressured to comply with demands. In healthcare, the goal is to get medical providers to share patient records, visit malicious websites, or divulge confidential information.

Social engineering is a complex form of manipulation, so even the most cautious medical providers are susceptible to it. In fact, healthcare organizations lose an average of $756,750 for every single incident. Insider threats — negligent or disgruntled workers — are profoundly expensive.

Although social engineering threats are more challenging to defend against, it’s possible to remain protected. Medical providers should be wary of new contacts, reach out to the alleged sender in a separate email, and do research to confirm they’re speaking to who they think they are.

8. Smishing

As of the beginning of 2023, roughly 35% of adults have experienced a smishing — SMS phishing — scam. It involves a scammer sending text messages to collect data or money.

Usually, they pretend to be someone else or make their request sound urgent to increase their chances of success.

Since medical providers may not have the same anti-phishing software on their personal phones as they do on their work computers, they may be more susceptible to these scams. Even if they only click the message or link out of pure curiosity, they immediately compromise their identity — making it easier for fraudsters to successfully carry out future attacks against the healthcare facility.

9. Extortion Scam

The latest extortion scams to target the healthcare industry involve fraudsters claiming to be from the Drug Enforcement Administration (DEA) or the medical licensing board. They reach out to the victim, claiming their career is at stake or they’re the focus of an ongoing investigation.

While traditional extortion scams use embarrassing photos or incriminating information as leverage, those targeting healthcare threaten people’s medical licenses. If a scammer’s first attempt is successful, they’ll keep making up reasons to demand new payments. For example, they might claim a court date has been pushed back and that they need more money to make things right.

The DEA stated it would never demand money from medical professionals. However, its public statement doesn’t stop scammers from trying to dupe unassuming professionals. Medical professionals can defend against these extortion scams by contacting the alleged caller separately. Also, they should never send money over the phone — no agency will ask this of them.

10. Deepfake Scam

In a deepfake scam, a scammer impersonates a patient or executive to gain personally identifiable information. Using generative AI, they can clone anyone’s voice and appearance in minutes using only short audio clips or a handful of pictures.

With telehealth on the rise, deepfake scams are becoming much more common. A 2023 statement from the American Hospital Association claims that deepfake scams have abruptly increased and present a significant problem to the healthcare industry.

If scammers have enough insider information, they can pose as anyone in an organization. Although most medical professionals are trained to spot typical scam signs, it’s very unlikely they’ll assume the live video they’re watching is doctored.

To defend against deepfakes, medical professionals should watch for strange instances of lag and visual glitching. During live calls, misaligned audio and video are an obvious sign of a potential scam.

Healthcare Scams Are on the Rise

Since many of these scams rely on advanced technology, medical professionals must remain vigilant. After all, the traditional protection strategies are mostly outdated. Still, they can protect themselves and their organization if they remain aware.


Written by zacamos | Zac is the Features Editor at ReHack, where he covers cybersecurity, AI and more.
Published by HackerNoon on 2023/11/10