The healthcare sector is increasingly being targeted by identity and cyber fraud, according to experts at professional services firm RSM Australia. The most significant threats are identity theft and cyber fraud, which can compromise patient data, disrupt services, and impose hefty financial burdens.

RSM’s national health lead, Jayesh Kapitan, and head of fraud and forensic services, Roger Darvall-Stevens, argue that the sector's complex mix of public and private funding sources creates opportunities for fraud. They explain that challenging billing and reimbursement processes are often difficult to monitor effectively, making the sector a lucrative hunting ground for cyber criminals.

"The most prevalent forms of healthcare fraud include billing for nonexistent services, falsifying patient records, kickbacks, and pharmaceutical fraud. The biggest threats, however, are identity theft perpetrated via cyberattacks and cyber fraud via false invoicing," said Mr. Kapitan. "It's a numbers game. Fraudsters can send thousands of false invoices, and only a few need to be paid to make their operations worthwhile. Unfortunately, these lapses in vigilance can severely damage a healthcare organisation's reputation and trust."

According to a 2023 report from the Office of the Australian Information Commissioner, healthcare was the top targeted sector for data breaches, with 15% of all reported breaches occurring in the sector. Given these statistics, robust processes and frequent staff training are crucial in reducing fraud risks, Mr Darvall-Stevens pointed out. He stressed that even the most robust systems can be bypassed by human error.

"Healthcare providers must stay vigilant and continually update their strategies to combat fraud," Mr Kapitan said. He noted that a significant challenge for the sector is balancing fraud risk management while keeping costs under control. "Cyber fraud risk is increasing in the health sector, despite greater awareness of what to look out for. Unfortunately, criminals are making more sophisticated attacks."

As healthcare records become increasingly digitised, cybercriminals are deploying tactics like ransomware attacks, data breaches, and phishing schemes to extract sensitive patient information. Such breaches can lead to identity theft, fraudulent medical billing and unauthorised access to prescription medications, causing severe harm, warned Mr Darvall-Stevens.

RSM Australia is imploring healthcare organisations to bolster cyber security measures, train staff to recognise cyber threats, and use robust encryption and access control. The firm is also encouraging the sector to use Australia's national Fraud and Corruption Control guide to help with prevention and detection. Mr Darvall-Stevens states it's key to implement a robust anti-fraud program, with up-to-date policies outlining every step.

"It's crucial to conduct regular risk assessments to detect potential fraud areas and offer regular training to staff on how to recognise types of fraud and report suspicions. An effective means of detecting fraud is implementing whistleblower reporting mechanisms. In fact, the Association of Certified Fraud Examiners found that 58% of fraud in the Asia-Pacific region was detected through a whistleblower tip," Mr Darvall-Stevens said.

The experts concluded by emphasising the importance of ongoing, proactive measures to combat healthcare fraud. "As the healthcare landscape evolves, so do the methods of fraud. The risks are high, making fraud a significant challenge for the sector," they said.