Kusserow on Compliance: Arrest of the University of Pittsburgh Medical Center hacker

An individual was indicted by a federal grand jury in Pittsburgh and arrested on charges associated with the 2014 “hacking” theft of University of Pittsburgh Medical Center (UPMC) human resources database that included personally identifiable information (PII) of over 65,000 UPMC employees. He was charged with fraud, aggravated identity theft, and selling of the information on the dark web to buyers around the world. The buyers, in turn, engaged in massive campaign of further scams and theft, including the filing of thousands of false IRS tax returns, leading to $1.7 million in false tax return refunds.

Additionally, the indictment alleges that the hacker, from 2014 through 2017, using the acronyms “TDS” or “DS,” regularly sold other PII to buyers on dark web forums, which could be used to commit identity theft and bank fraud. According to the Indictment, the hacker sold the stolen information on dark web forums for use by conspirators, who promptly filed hundreds of false tax return Form-1040 using UPMC employee PII. These false 1040 filings claimed hundreds of thousands of dollars of false tax refunds, which they converted into Amazon.com gift cards, which were then used to purchase Amazon merchandise which was shipped to Venezuela. The case was investigated by the Secret Service, IRS, and Postal Inspection Service. As a side note, six years ago, the case resulted in a major legal battle after employees sued UPMC for negligence and breach of contract. The state high court also ruled that UPMC may be responsible monetary damages if the plaintiffs can prove the health system acted negligently.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ moves on first criminal cases of COVID-19 fraud

The Department of Justice (DOJ) brought fraud charges against the president of a medical technology company in connection with a scheme to commit health care fraud with the submission of over $69 million in false and fraudulent claims for allergy and COVID-19 testing. The allegation is that he defrauded Medicare through illegal kickbacks and bribes and then turned to exploiting the pandemic by fraudulently promoting an unproven COVID-19 test to the market. The hoax leveraged off the fear of the pandemic with the company touting that his laboratory was the only one in the world that offered revolutionary “microarray technology,” which tested allergies and COVID-19 based on a drop of blood that was 250,000 times smaller than the amount required by technology touted by others.

The press announcement stated that beginning in or around 2018 and continuing to in or around February 2020, the company president and others paid kickbacks and bribes to recruiters and doctors to run an allergy screening test, using his Arrayit product, on every patient regardless of medical necessity, and then made numerous misrepresentations about the results. As the COVID-19 crisis began to escalate in March 2020, he and others made false claims concerning Arrayit’s ability to provide accurate, fast, reliable and cheap COVID-19 tests in compliance with state and federal regulations, and made numerous misrepresentations to potential investors about the COVID-19 tests and Arrayit’s future prospects for COVID-19 testing. The company president stated that it was simple to develop a test for COVID-19 because the switch from testing for allergies to testing for COVID-19 was a simple and easy step, but he and others never disclosed that there were questions about the validity of its data and the accuracy of its COVID-19 test. The press announcement reaffirmed that investigating COVID-19 fraud scams billed to federal health programs continues to be a top priority, noting that ongoing public health crisis has spawned a rash of fraudulent schemes.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: FBI’s latest report on efforts to curb cyber-crimes

The FBI’s Internet Crime Complaint Center (IC3) was created to gather data on a new but rapidly growing type of crime. In its first full year of operation, the center received 50,000 complaints that has grown to over 5 million reports of thefts, scams, frauds, and other crimes with an online nexus, resulting in over $10 billion in losses since 2015 alone. In its report, the FBI made note that threat mitigation is its top priority regarding cyber-crime. The IC3 has allowed for increased reporting and information sharing, which often prevents further victimization, and enables accountability.

The crimes catalogued by the IC3 have mirrored the evolution of the web across two decades, including the growth in sophistication of crimes as well as the number of crimes as the web has become a central feature of daily life. In the first full year of IC3 reporting, the most commonly reported crimes included internet auction fraud, non-delivery schemes, advance payment schemes, and credit card fraud. Since then, threats have evolved into more destructive and costly data breaches and network intrusions, ransomware, romance scams, and sophisticated financial crimes such as business email compromise. Scammers are ready to exploit various tragedies and disasters, such as Hurricanes Rita and Katrina, and the Boston bombings.

During the current COVID-19 pandemic crisis, scammers are working overtime with fake cures, investments schemes, selling personal protective equipment without the inventory on hand, and looking to take advantage of a more concentrated online presence during a time of increased telework and distance learning. Criminals are exploiting a public health emergency to steal from and deceive people who are vulnerable, worried, or seeking vital supplies and assistance.

In 2018, there was the creation of the FBI’s Recovery Asset Team (RAT) to streamline communication between financial institutions and FBI field offices to prevent criminals from successfully obtaining funds through fraudulent transactions. The RAT effectively recovered over $300 million in 2019 alone. Last year, the RAT, along with IC3’s Recovery and Investigative Development (RAID) team, brought together law enforcement and financial institutions to share data to gain a better understanding of the networks and methods used by cyber fraudsters resulting in the enhanced ability to identify criminals.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: 2020 Compliance office staffing levels

75% of compliance offices are staffed with only one part- or full-time person

Over half of compliance offices are not expecting budgetary increases

The following are results from the report for the 2020 SAI Global Healthcare Compliance Benchmark Survey developed with and analyzed by Strategic Management. Data was gathered with respect to the adequacy of resources for Compliance Officers in meeting their challenges. Reading the details of the responses suggest that many compliance offices are likely operating with less than fully adequate resources to meet their obligations.

Survey results indicated that the average compliance office staff levels are five with about one third of respondents reporting only one full-or part-time person. Thirty percent reported having two and five persons with one quarter reported six or more staff; and one fifth reported compliance offices over 10 staff members. In a related question, over half of respondents indicated they are expecting their budget to remain mostly the same with about one quarter expecting some increase. Given the average staffing level of compliance offices, increasing responsibilities, heightened enforcement by government agencies, and limited increases in budgetary resources, it is likely that most compliance offices are stretching their limited resources. The Survey also found that many are turning to external vendors to provide services and tools, to stretch limited staff resources and to lower operating costs.

For more information about the Survey, contact Richard Kusserow at rkusserow@strategicm.com.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.