Criminals have taken advantage of weak spots in the NHS’s computer systems, stealing over £100 million in the last five years. These crimes include hacking emails and using stolen credit card details, according to The Independent.
The stolen money could have paid over 2,000 senior nurses for a year or funded 20,000 cancer treatments. Experts say these losses are unacceptable and urge the NHS to do more to protect itself from fraud.
An investigation by The Independent found that the NHS in England lost £101 million to fraud between 2018 and 2023.
As for individual NHS trusts, freedom of information requests show that University Hospitals Bristol and Weston NHS Foundation Trust lost £30,615 in a 2020 bank fraud. The trust hasn’t shared many details, but these kinds of crimes usually involve criminals intercepting emails and pretending to be suppliers, tricking staff into transferring money to fake accounts.
Meanwhile, Hampshire Hospitals NHS Foundation Trust lost over £10,000 in 2021/22 when criminals stole its credit card details and used them for online shopping.
The trust said: “The details of a trust credit card were obtained by criminals and used to make inappropriate purchases online. This was investigated by the local counter-fraud specialist and police, but could not be pursued as the companies involved were based outside the UK.
“This was also reported to the bank, but the loss was identified too late to qualify for reimbursement. Two-factor authentication has since been enabled for some purchases, depending on the type of transaction, and monthly reconciliation checks are completed.”
While consumer rules protect individuals by reimbursing up to £85,000 for fraud, NHS trusts don’t have this safeguard and can only recover money if it’s possible to track the stolen funds.
Criminals often move stolen money overseas, which makes it nearly impossible to recover, said Richard De Vere, an independent security consultant. Though some international law enforcement agencies are willing to help, it’s still a huge challenge.
Efforts to prevent fraud have mostly been left to banks, with varying success. “Some victims get their money back, but others don’t,” said De Vere. “Cybercrime is real crime, but it’s been neglected in recent years.”
Dr. Tony O’Sullivan, co-chair of Keep Our NHS Public, said fraud is a serious problem for the NHS. “The loss of revenue through fraud is unacceptable,” he said. “It’s worse when there aren’t enough safeguards and too little oversight of high-value private contracts.”
“Fraud isn’t a victimless crime,” Dr. O’Sullivan warned. “The NHS needs better protection.”
Some trusts have been luckier but still lost money. Medway NHS Foundation Trust reported that criminals stole £500,000, but £420,000 was later recovered.
Other trusts have faced more sophisticated attacks. NHS Cheshire and Merseyside Integrated Care Board was hit twice. In September 2022, the board lost £9,835 when the email account of a supplier was hacked. This allowed criminals to change the payment details for future transactions.
“The incident was referred to the NHS Counter Fraud Authority and Action Fraud (Police). No money was recovered, and the perpetrators remain unknown,” the board said.
A second loss of £35,159 is still under investigation, but the board didn’t share more details.
Meanwhile, James Paget University Hospitals NHS Foundation Trust was defrauded of £21,512.40 when it received two invoices for the same payment, each with different bank details. A staff member called what they thought was the supplier to confirm the new details, but it turned out to be a scam.
The trust said: “It came to light that the bank details on the copy invoices were incorrect and they have no record of anyone calling us back. The emails were hacked and intercepted from an email address in the US. The bank managed to recover £19,000 from the fraudulent account. As far as we know, the criminals weren’t caught.”
The £101 million figure, shared by health minister Karin Smyth in a written parliamentary answer, doesn’t include any money that’s been recovered.
A spokesperson for the NHS Counter Fraud Authority (NHSCFA) said: “Payment diversion fraud is a global issue that affects the public sector too. The NHSCFA has worked hard to raise awareness of this within the NHS.
“It’s one of the most common types of fraud, where criminals hijack the identity of legitimate suppliers and divert payments to them.”
They added: “In a national campaign in 2022/23, the NHSCFA and partners directly prevented £33 million in attempted payment diversion fraud, with one successful prevention saving £14 million. We’re continuing this effort with the health and banking sectors.”
Also Read: Woman Breaks Jaw After Biting into Jawbreaker Candy
The spokesperson also noted: “A recent report from the National Audit Office estimates that fraud and error will cost taxpayers between £55 billion and £81 billion in 2023/24. The NHS, with its £181.7 billion annual budget, is a major target for fraud.
“The NHSCFA works with many partners to detect, prevent, and recover money lost to fraud. In 2023/24, their coordinated efforts prevented £184.6 million from being lost to fraud attacks on NHS funds.”
Source: The Independence
