Cyber Security Cyber Security
  • 24 July 2017

Fraudsters find new methods to target Healthcare related businesses.

As with many other sectors, those in the Health sector need to maintain a high level of vigilance in order to spot fraudsters who continue to develop new, increasingly sophisticated tactics to steal their funds.

This is particularly the case with cyber fraud attacks where criminals can easily hide their identity from unsuspecting victims. Ransomware and Cyber Extortion are both relatively recent types of fraud seen targeting the Health and care industry.


Ransomware - is a type of malicious software, known as Malware, which blocks or restricts access to the infected computer system. Fraudsters usually infect a victim’s PC by encrypting files on the system’s hard drive and then threatening that the user will not be able to access their data again unless a ransom is paid. The files will be almost impossible to decrypt without paying the ransom for the encryption key and this forces many victims into paying the ransom to the fraudster, usually in bitcoins which are difficult to trace.

Cyber Extortion – is a crime which occurs when a fraudster issues a threat and demand via online methods to a potential victim. As with Ransomware, the demand is usually aimed at forcing a payment to the fraudster in bitcoins or they will carry out their threat.  Threats can vary but may include fraudsters leaking confidential data obtained from the victims PC out on to the internet, or they could threaten to post thousands of negative comments about the victims business using online review sites, causing reputation damage.

Businesses should protect themselves against these types of fraud by:

·        Ensuring they have a good quality Anti-Virus software suite, which is scanned and updated regularly.

·        Carrying out operating system updates as soon as they become available.

·        Promoting awareness amongst practice staff to ensure they think before they click on unknown links.

·       Considering where their data resides. Ransomware is usually restricted to local hard drives or locally available shared drives. Information assets should therefore be held in at least two totally separated locations, such as a portable hard disk for daily backups of important data, and an additional network-attached storage for larger backups.

·       Retain the original cyber extortion emails, with headers. Maintain a timeline of the attack, recording all times, type and content of the contact and report it to Action Fraud.

Of course, it’s still important to be alert to the other common fraud scams known to target the healthcare sector, including:

Invoice Fraud – where a fraudster sends an email or letter which appears to have been sent by a known supplier to the practice, asking them to make future payments into a new account number. If the request is not verified to make sure it’s genuine, the next payment could go to the fraudster.

CEO Fraud – This is the name given to the scam where fraudsters hack into or imitate the email account of a senior person within the business and send an email to a member of staff asking for an urgent and often highly confidential payment to be made. If the member of staff doesn’t independently verify that the email is genuine, funds will be sent to the account details supplied in the fraudulent email.

Most important :-

·         Never divulge online banking passwords or online banking secure codes to anyone on the telephone, even if you think you’re talking to the bank.

·         Don’t rely on your phone’s caller display to identify a caller. Fraudsters can make your phone’s incoming display show a genuine number.

·         Be aware that a bank will never call you and tell you to transfer your money to a “safe” account.

·         If you see unusual screens or pop-up boxes when using your online banking or unusual requests to enter bank passwords, log out immediately and call your bank.

·         If possible, set up your online banking so that two separate people are required to make any payments.

All fraud targeting you, even if it’s been prevented, should be reported to


For more information please visit Lloyds Bank to review their online fraud guidance brochure.