Kusserow on Compliance: New FBI warning about scammers and the COVID-19 crisis

On March 20th, the FBI issued a new warning to the public about a rise in schemes related to the coronavirus (COVID-19) pandemic. The FBI warned to guard against opening documents and to research sources before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits. The FBI specifically warned to look out for fake CDC, NIH, HHS, and CMS emails. The agency noted to be particularly wary of websites and apps claiming to track COVID-19 cases worldwide and phishing emails asking to verify personal information in order to receive an economic stimulus check from the government. The fact is that government agencies are not sending unsolicited emails seeking private information in order to send money. The FBI also urges the public to be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19.  Other new scams involve seeking charitable contributions, financial relief airline carrier refunds, fake cures and vaccines, and fake testing kits. Failing to follow this advice can permit fraudsters to use links in emails to deliver malware to computers to steal personal information or to lock the computer and demand payment. With the current crisis, the FBI is concerned that many will lower their guard against scammers and, therefore, need to be reminded about these threats.

Tips for Compliance and Privacy Officers

  • Alert employees to beware of COVID-19 communications
  • Remind employees to not click on email links/attachment, or respond to inquiries
  • Regularly test users to make sure they are on guard
  • Configure email servers to block zip or other files that are likely to be malicious

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: FBI Reports on business email compromise scams

BEC Scams Accounted for 50% of cyber losses last year

The FBI once again reported on the increase in cyber-criminal activity related to ransomware and business email compromise (BEC) scams. During 2019, BEC accounted for almost a half million internet and cyber-crime complaints and caused losses of more than $3.5 billion. Approximately half of the reported loses were as result of BEC, sometime referred to as EAC (Email Account Compromise) crimes, which averaged $75,000 per incident reported. This was the most damaging and effective type of cyber-crime last year. The 23,775 BEC victims accounted for $1.77 billion in losses for victims, which was on average $75,000 per complaint.

These are sophisticated scams targeting business activities and individuals performing wire transfer payments. They normally come about as result of either a compromise or spoof an email account for a legitimate person/company. They use this email account to send fake invoices for business contractors. Sometimes they are sent to employees. They are designed to trick people into wiring money into the wrong bank accounts. An example of this relates to the diversion of payroll funds, wherein HR or payroll receives an email appearing to be from an employee requesting to update and change their direct deposit information for the current pay period, generally routing it to a pre-paid card account.

The most recent innovation has been scammers mimicking employee’s own CEO to steal funds from the payroll department. They hack into a company’s email server and identify which executives’ email addresses they can spoof to trick unsuspecting employees. The FBI also noted a decrease in the number of ransomware complaints, however a rise in the amount of losses per incident. Additionally, 764 health care providers reported being ransomware victims in 2019.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: DOJ reports 2019 False Claims Act Recoveries of over $3B

The DOJ obtained more than $3 billion in settlements and judgments from civil cases involving fraud and false claims against the government in fiscal year 2019. Recoveries since 1986, when Congress substantially strengthened the civil False Claims Act, now total more than $62 billion. Of the more than $3 billion in settlements and judgments recovered, $2.6 billion related to the health care industry.

This was the tenth consecutive year that health care fraud settlements and judgments have exceeded $2 billion. Whistleblower, or qui tam, actions comprise a significant percentage of the False Claims Act cases that are filed. Of the $3 billion in settlements and judgments reported by the government in fiscal year 2019, over $2.1 billion arose from lawsuits filed under the qui tam provisions of the False Claims Act.

During the same period, the government paid out $265 million to the individuals who exposed fraud and false claims by filing these actions. The number of lawsuits filed under the qui tam provisions of the Act has grown significantly since 1986, with 633 qui tam suits filed this past year—an average of more than 12 new cases every week. In its news release, the DOJ noted that it had increased holding individuals accountable and cited examples of actions taken against responsible executives.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG program exclusions reported for second half of 2019

Total of 2640 new exclusions added to the LEIE in 2019

Under the Social Security Act, the HHS Office of Inspector General (OIG) is able to exclude individuals and entities from participation in Medicare, Medicaid, and other Federal health care programs. Exclusions are required (mandatory exclusion) for individuals and entities convicted of the following types of criminal offenses: (1) Medicare or Medicaid fraud; (2) patient abuse or neglect; (3) felonies for other health care fraud; and (4) felonies for illegal manufacture, distribution, prescription, or dispensing of controlled substances. The OIG is also authorized (permissive exclusion) to exclude individuals and entities on several other grounds, including misdemeanors for other health care fraud (other than Medicare or Medicaid); suspension or revocation of a license to provide health care for reasons bearing on professional competence, professional performance or financial integrity; provision of unnecessary or substandard services; submission of false or fraudulent claims to a federal health care program; or engaging in unlawful kickback arrangements. The Patient Protection and Affordable Care Act (ACA) added another basis for imposing a permissive exclusion, that is, knowingly making, or causing to be made, any false statements or omissions in any application, bid, or contract to participate as a provider in a federal health care program, including managed care programs under Medicare and Medicaid, as well as Medicare’s prescription drug program.

During this semiannual reporting period, the OIG excluded 1,347 individuals and entities from Medicare, Medicaid, and other federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, patient abuse or neglect, financial misconduct, controlled substances, or as a result of license revocation. The OIG completed the deployment of a new service for State Medicaid Fraud Control Units (MFCUs) to report convictions through a central web-based portal for exclusion. This improved reporting from those agencies. A list of excluded individuals and entities can be found at https://exclusions.oig.hhs.gov/.

 

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.