Protecting the NHS from cyber enabled fraud

The NHS Counter Fraud Authority look at the cyber fraud awareness resource, launched at the end of March, as well as the key cyber threats NHS organisations should be wary of

The NHS has been under great strain for the last 18 months, dealing with the pandemic and all the challenges it presented to NHS staff and patients alike. Here at the NHS Counter Fraud Authority (NHSCFA), our work has never been more important in ensuring NHS funds are not misappropriated, so that they are used for their intended purpose: patient care. During the Covid-19 pandemic, the NHSCFA saw new fraud risks appear that posed a threat to the NHS, one of them being cyber fraud. Over the past 18 months, there has been a wave of cybercrime affecting the public and the public sector. Criminals saw opportunities to take advantage of the pandemic, preying on patients and the NHS by stealing money from them through falsified means.

Cyber Fraud resource
The NHSCFA launched its cyber fraud awareness resource in July 2021, a comprehensive extension of the NHS Fraud Reference Guide that categorises different aspects of cyber crime, such as cyber threats and cyber security. The resource was developed by the NHSCFA’s Fraud Prevention Unit (FPU) in response to the cross-government effort to better understand the risks of cyber fraud. It is a detailed guide for NHS organisations, NHS staff and the public on cyber crime, providing advice on how to protect themselves against the threats and how to stay safe online.

The layout of the resource has been designed for easy use, splitting into six different areas:
•    An introduction: explaining what cyber crime is and the differences between the cyber offences, to help users understand the difference between cyber-dependent crime and cyber-enabled crime.
•    A glossary: common cyber crime terms and associated definitions to enable users to understand the terms used within the content.
•    Key cyber threats: setting out five sections that relate to Social Engineering, Passwords, Malicious Websites, Payment Diversion Fraud and Malware.
•    Cyber Security information: includes security tips on keeping devices and data secure.
•    Cyber Quiz: designed and produced to complement the cyber fraud resource and to test people’s knowledge of cyber fraud.
•    Reporting: includes how to make NHS-related and non-NHS cyber fraud and cyber crime reports.

Mandate fraud (payment diversion fraud)
Mandate fraud (NHS) is a type of third party payment diversion fraud, where someone outside of the NHS attempts or succeeds in extracting payments from within the NHS by asking for bank details to be changed under the guise of an NHS supplier.

Social engineering is a significant part of the payment diversion fraud process. Fraudsters pose as trusted and recognised patrons, which gives them a sense of authority that they use to manipulate individuals and employees into making a bank transfer or providing confidential information.

As a case study, one NHS body was the victim of a sophisticated mandate fraud that resulted in a loss of just under one million pounds. Working in partnership with a variety of law enforcement agencies, the NHSCFA investigation revealed that a sophisticated money laundering network was used to disguise and dissipate the stolen funds.

Responding to payment diversion fraud:
•    If you believe you might have revealed sensitive information about your organisation, report it to the appropriate people within the organisation, including network administrators. They can be alert for any suspicious or unusual activity.
•    If you believe your financial accounts may be compromised, contact your financial institution immediately and liaise to secure any accounts that may have been compromised. Watch for any unexplainable charges to your account.
•    Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.

The NHSCFA has guidance on invoice and mandate fraud to help NHS organisations mitigate the risks.
Action Fraud have further information on mandate fraud where you might be the victim.

Working together
The resource has come at a time when the new Government Cybercrime Strategy, which will set out a plan for how to protect the UK in cyber space, should be coming out soon. Cyber crime has continued to rise in scale and complexity through the years, with criminals using new and advanced technology and methods via the internet to commit their crimes. The NHSCFA worked with external stakeholders on the development of the project, adopting some of the methods used by other organisations that are doing similar counter fraud and cybercrime work, such as the National Cyber Security Centre, Police Digital Security Centre and NHS Digital.

Additionally, the NHSCFA’s FPU collaborated with internal colleagues from different business units, such as Intelligence, Digital and Organisational Development, ensuring that the project is all encompassing and comprehensive.

Collaborative working is essential in countering fraud, and it will be no different in mitigating the risks associated with cyber crime. The cyber fraud awareness resource is the first step the NHSCFA have taken in joining in that fight. It has been designed around the overarching themes of ‘Prevent, Protect and Prepare’, keeping the target audience in mind (NHS Staff, Local Counter Fraud Specialists (LCFS) and members of the general public). It helps them understand how to prevent instances of cybercrime, how to protect themselves, and by providing details of the various threats and risks, prepares them by helping them understand the subject area.

If you have information concerning fraud against the NHS, please report it to us either via our online report at or by calling our fraud and corruption reporting line on 0800 028 4060. If you have been a victim of fraud or cyber crime, please report it to Action Fraud.

Next steps
The NHSCFA is currently working on a video to complement the project involving the local NHS counter fraud community and counter fraud colleagues such as Crimestoppers, National Cyber Security Centre and Police Digital Security Centre. The aim of the video is to raise awareness of cybercrime and provide clarity on remits for reporting. The video will be published on our website in the next couple of weeks so keep your eyes peeled.

Spot it
Report it
Together we stop it