Fraudulent Times
A newsletter from your Counter Fraud Specialist
Issue 36,Winter/Spring
2016/17
Inside this issue...
Welcome to the
Winter/Spring Edition
of Fraudulent Times.
This
newsletter
is
designed
to
highlight
areas of fraud within the
NHS and to help you
understand why we need
to combat it effectively. By
raising awareness of fraud
cases it will help you to
identify what fraud is and
where it is most likely to
occur.
As always, I hope that you
will find our newsletter a
useful
and
interesting
read. We value feedback
on the content so if you
have any comments or
suggestions for topics in
future
editions
please
email these to us at the
address at the bottom of
the page.
Penny Gee
Assistant Director
Anti-Crime Services
360 Assurance
If you wish to report any
concerns regarding fraud,
bribery
or
corruption,
please contact a member
of our team (details can be
found on the back page) or
ring our fraud, bribery and
corruption reporting line
0116 225 6121 or the NHS
Protect Reporting Line on
0800 028 4060.
The National Fraud Initiative
P2
Lancashire Consultant Radiologist
pleads guilty to £24,000 NHS Fraud
P3
NHS Protect Self-Assessment
Review Toolkit
P3
Spotlight on Cyber Crime!
P4
Scam Updates
P5
Team News
P5
ACS Contacts
P6
T
wo respected mental health
professionals
have
been
revealed as fraudsters after
being investigated by NHS
Protect. Lisa Hill (55) and Dr Ian
Walton (59) pleaded guilty to Fraud
(Contrary to Section 2 of the Fraud Act
2006) for defrauding their former
employer, Sandwell and West Birmingham Clinical Commissioning
Group (SWBCCG), of £153,600. At the time of the offence, Hill was
a Senior Commissioning Manager for Mental Health and a
registered nurse, while Walton was a GP and clinical lead for Mental
Health. They have each been sentenced to two years’
imprisonment, suspended for two years, plus 200 hours of unpaid
work. Under a Proceeds of Crime Act (POCA) order made at the
court, they must pay back the full amount of £153,600 in
compensation (half each) within three months plus £7,500 each in
prosecution costs. As well as their NHS roles, they were both
trustees of a charity called Primary Care Mental Health and
Education (PRIMHE), and Hill and Walton delivered training in their
private capacities under the charity name, attracting students from
all over the UK. In 2012, Sandwell and West Birmingham NHS
Primary Care Trust (S&WB PCT) was coming to an end, being
succeeded by the clinical commissioning group (SWBCCG). For a
time, commissioners could apply for special ‘Innovations’ funding for
schemes that improved quality of service to the public, by submitting
business cases. But in December 2012, when Sandwell & West
Birmingham PCT was in effect the SWBCCG in (continued on page 2)
[email protected]
© 360 Assurance, 2015. All rights reserved.
Fraudulent Times
shadow form, it was made known that this funding was no longer
available as it was needed to ease ‘Winter Pressures’, the seasonal surge in demand for NHS
services, including hospital admissions of vulnerable and elderly people. Knowing very well that
the ‘Innovations’ funding had already been withdrawn, Hill and Walton still tried their luck and
falsely submitted an invoice for £153,600 to SWBCCG, in the name of their PRIMHE charity. The
money was signed off in error by a senior member of SWBCCG’s finance department, and duly
arrived in the charity’s bank account. At this point Hill and Walton took advantage of their access
as trustees and transferred 95% of it to a bank account under their control, held by a company
registered to them called Walton Hill Associates. A colleague of Hill suspected fraud and raised
the alarm with senior staff. With the full cooperation of Sandwell & West Birmingham CCG, NHS
Protect mounted an investigation. The investigation revealed the high professional reputation and
good connections of Walton and Hill. For example, they had negotiated contracts with
Staffordshire University and Birmingham City University to get their training programmes
accredited and had sought accreditation by the Royal College of General Practitioners (RCGP).
They were also receiving payment as lecturers from Birmingham City University because of their
expertise in mental health. The arrangement was that staff of Sandwell & West Birmingham
CCG member practices would have their training paid for by the CCG as a commissioner. This
meant it was in Lisa Hill’s financial interests to authorise the students to attend courses she was
being paid to lecture on, and it emerged that some of these students should not have been
funded by SWBCCG. This was another aspect of Hill’s abuse of trust. In 2012, when he was
Chair of the Black Country Local Commissioning Group, Walton was named Clinical Leader of
the Year at the National Association of Primary Care Commissioning (NAPC) Visions Awards,
presented by Practical Commissioning Magazine. The awards “recognised the hard work of
clinical commissioners, and what they have achieved through service redesign.” His work with
the Primary Care Mental Health and Wellbeing Service was highlighted in October 2011. Hill and
Walton are also known to have created a further company in order to deliver training to students,
Top of The World Training Ltd (NHS Protect, 21 December 2016).
(continued from front page)
The National Fraud Initiative
Since 1996, the Audit Commission and more recently the Cabinet Office
have run the National Fraud Initiative (NFI). The NFI works by
cross-referencing an extensive range of data from almost 1300
organisations across the UK, bodies involved include; the NHS; police
authorities; local probation boards; fire and rescue authorities; as well as local councils and a
number of private sector organistions.
How it works;
Information held by participating bodies is shared with the Cabinet office for ‘data-matching’. This
involves comparing computer records held by one body against those held by another, to identify
any similarities. Where a match is found it can indicate any inconsistency and further
investigation is conducted by the relevant organisation, to establish whether there is any fraud,
error or other explanation.
The aim of the NFI is to ensure that, whilst upholding and protecting citizens’ rights in relation to
their personal data at all times, it continues to serve the public interest by;


Safeguarding public money against losses from fraud and corruption; and
Making an effective contribution to the wider fight against fraud.
The NFI, between 2014 and 2016, resulted in the dismissal or resignation of 52 employees that
had no right to work in the UK.
[email protected]
2
Fraudulent Times
Lancashire Consultant Radiologist pleads guilty to £24,000 NHS fraud
A Royal Preston Hospital doctor who defrauded the NHS of nearly
£24,000 has pleaded guilty to a ‘rolled up’ charge of Fraud by
False Representations. Consultant Radiologist John Coffey (53) is
due to be sentenced on 3rd March. The hospital doctor was
suspended and then resigned from his well-paid senior role at
Lancashire Teaching Hospitals NHS Foundation Trust after being
caught out. He was investigated by Local Counter Fraud
Specialists, with support from the national counter-fraud body,
NHS Protect. As a Consultant Radiologist, Coffey was responsible for reviewing and reporting on
a variety of medical scans. He was not contracted to study plain film scans from standard x-rays
as part of his job plan, but he agreed to do so at a rate of £4 per film, outside his working hours
(after 5pm) to help his department to clear a ‘waiting list’ backlog. Previously, he had said he was
far too busy and without any capacity for any additional duties. Once extra money was made
available for the extra work, however Coffey completed most of it within his normal working
hours. He effectively claimed himself an unearned, unapproved bonus at the hospital’s – and
ultimately the taxpayer’s – expense. In an audacious yet simple scam, he would line up the
almost-completed reports after working on them earlier in the day and wait until 5pm to re-enter
the clinical IT system and hit the “submit” button. When later challenged, he tried to argue he had
technically completed the work after office hours. In one day in March 2014, between 11:20am
and 5pm, the consultant reviewed and reported on 100 plain film x-rays during a session when
he was supposed to be doing his normal job plan work: a £400 loss to the NHS. The fraud
investigation showed this was not a one-off. Coffey was routinely and consistently undertaking
‘after hours’ waiting list work during NHS contracted hours. In just over a year (between Autumn
2013 and Autumn 2014) Coffey’s series of frauds bumped up his earnings by £23,916. This
breaks down to £4 each for 5,979 plain film reports he claimed for as ‘waiting list’ work that he
actually undertook during his normal working day. When interviewed under caution, the
consultant strenuously denied having been dishonest - but was unable to offer a good reason for
entering each x-ray patient’s record once before, and once after, 5pm. Coffey stated that
although he had completed the work during the day, as he hadn’t pressed the submit button until
after 17:00hrs, it was not his fault if he was “efficient”. The defrauded amount has been
recovered in full (NHS Protect 06 February 2017).
Did you know
NHS Protect Self-Assessment Review Toolkit
NHS Protect leads on work to identify and tackle crime across the health service. The aim is to
protect NHS staff and resources from activities that would otherwise undermine their
effectiveness and their ability to meet the needs of patients and professionals. Ultimately, this
helps to ensure the proper use of valuable NHS resources and a safer, more secure
environment in which to deliver and receive care. Each year, health bodies across England are
required submit a self-assessment of their compliance against NHS Protect Standards
regarding fraud, bribery and corruption. For 2017/18, the deadline has been brought forward to
1st April 2017. Our team will therefore be completing a range of activities during February and
March 2017 to ensure that we are able to aid client organisations in accurately scoring their
compliance against these standards. If you are contacted by a 360 Assurance Anti-Crime
Specialist during this busy period, we would be grateful if any information requests could be
expedited as they may be directly related to your organisation’s self-assessment.
[email protected]
3
Fraudulent Times
Spotlight on Cyber Crime!
With 1,000 attacks reported every hour and individual breaches costing an
average of between £65K to £115K, Cybercrime costs the UK economy over
£27bn per annum.
NHS computer systems are increasingly vulnerable to attacks by cybercriminals and North Lincolnshire and Goole NHS Foundation Trust was
recently forced to shut down the majority of its electronic systems and cancel
all planned operations, outpatient appointments and diagnostic procedures for
two days after a computer virus was detected.
Cybercrime is a bigger risk now than ever before due to the sheer number of
connected people and devices. It is important that all staff are aware of typical
cyber-security risks and some simple measures to ensure you do not
inadvertently fall victim or expose others to cybercrime.
What is Cybercrime? In a nutshell, it is simply a criminal act that has some kind of computer involvement and
includes traditional crimes conducted through the internet such as theft, fraud, blackmail, harassment, and
indecency.
The days of spotting a really obvious overseas banking scam are long gone! Hackers are getting more
sophisticated and will target personal greed, fear or curiosity, so it is worth repeating the reminder not to click any
links or reply to emails that are unsolicited or suspicious.
Types of Cyber Attacks:
Good Practice to Help Prevent Cybercrime
Computer viruses are program code that has been  Make sure you use strong passwords that you change
designed to secretly copy itself into other such codes or
regularly. Don’t share these with anyone and don’t use the
computer files.
same password for all your accounts.
Denial of service attack This is where an Internet site is  Never reply to spam or unsolicited emails from an unknown
made unavailable, typically by using multiple computers to
or untrusted sender or click on links or attachments within
repeatedly make requests that tie up the site and prevent it
them as these can often contain viruses or take you to
from responding to requests from legitimate users.
websites containing inappropriate material.
Identity theft is the act of a person illegally obtaining
information about someone else such as full name, maiden  Never share your personal data such as bank details,
identity details or where you live with anyone that you don’t
name, address, date of birth, NHS number, passwords,
know or can’t verify their details.
phone number, e-mail, and credit card numbers.
Internet fraud Hackers are getting more sophisticated and  Make sure you always log off when closing down your
will target personal greed, fear or curiosity.
computer otherwise the next person to use it may already be
logged into your account.
Malware is malicious software that typically infects a
computer through e-mail, websites, or attached hardware  Regularly review your privacy settings on social networking
devices such as USB keys and is designed to cause
sites so that only people you know can see your information
damage without the users consent. It includes all the
and photos.
different types of threats to computer safety such as
 When making online purchases make sure the connection is
ransomware viruses, spyware, worms, trojans, and so on.
secure by looking for the padlock icon at the top or bottom of
Mandate fraud is when someone gets you to change
the internet browser. Secure web addresses should also
banking details by pretending to be an organisation you
begin with ‘https’.
make payments to, for example a business supplier.
Phishing e-mails appear to be from a reputable source and  Don’t provide personal details via email. Your bank will never
ask for passwords or security codes online via email.
contain either links or attachments that either take you to a
bogus website or install malware on your computer. 360  Be mindful that phishing emails are not usually sent to your
CFS have seen recent increases in these emails targeted at
own name, general terms are used such as ‘Dear Customer.
specific NHS staff.
They tend to request immediate action and often contain
spelling and grammatical mistakes.
Victim of cybercrime? Here’s what to do.
For advice about IT contact your organisations IT Department.
To report concerns about NHS fraud contact your Anti-Crime Specialist.
ActionFraud is the UK’s national cyber crime reporting centre—call 0300 123 2040 or report concerns online.
[email protected]
4
Fraudulent Times
SCAM UPDATES
Medical Practices Targeted by CEO Fraud
The National Fraud Intelligence Bureau (NFIB) has seen an increase in the volume of Chief
Executive Officer (CEO) Fraud reports whereby medical practices are the targeted victim in
recent months.
How the fraud works?
A medical practice is targeted by a fraudster who purports to be a senior partner (or CEO equivalent). The fraudster contacts a
member of staff with responsibility for authorising financial transfers, requesting payments to be made into bank accounts under
the pretence of a highly sensitive or urgent transaction.
Initial contact appears to primarily be made via email from an address similar to the one the senior partner would use, although
the suspect may telephone to complete the fraud if required. In addition, the fraudster may also introduce a second fraudster, who
poses as a lawyer or regulator. With a strong social engineering element, the fraudster often requests that they are not contacted
further by the authorising member of staff as they are busy. Alternatively the fraudster may pick occasions when the genuine
senior partner is on holiday, therefore preventing the authoriser from checking the validity of the request. This type of fraud has
resulted in substantial financial losses for several practices that have fallen victim.
How to prevent against CEO fraud



Review internal procedures regarding how transactions are requested and approved, especially those in relation to
verifying validity.
Check email addresses and telephone numbers when transactions are requested. If in doubt request clarification from an
alternatively sourced email address/phone number.
Don’t be afraid to question details when being tasked to transfer money at short notice.
Fake Bank Letters Scam!
Lloyds customers should be on the lookout for a new sophisticated fraud that involves fraudsters
sending fake bank letters. The convincing letters being sent are a replica template from Lloyds and
include their logo, address and signature from a customer service representative. The letter tells
recipients that there have been some “unusual transactions” on their personal account and asks
them to call a number highlighted in bold to confirm they are genuine. When victims call the number,
an automated welcome message is played and the caller is asked to enter their card number,
account number and sort code followed by their date of birth. Victims are then instructed to enter the
first and last digit of their security number. The letters are essentially a sophisticated phishing attempt
and serve as a warning to consumers to question written correspondence from their banks. If you are ever suspicious about
correspondence from your bank you should call the customer service number on the back of their payment card.
Payment Diversion Alert
Fraudsters are emailing members of the public who are expecting to make a payment for property repairs. The fraudsters will
purport to be a tradesman who has recently completed work at the property and use a similar email address to that of the genuine
tradesman. They will ask for funds to be transferred via bank transfer. Once payment is made the victims of the scam soon realise
they have been deceived when the genuine tradesman requests payment for their services.
Protect yourself




Always check the email address is exactly the same as previous correspondence with the genuine contact.
For any request of payment via email verify the validity of the request with a phone call to the person who carried out the
work.
Check the email for spelling and grammar as these signs can indicate that the email is not genuine.
Payments via bank transfer offer no financial protection; consider using alternative methods such as a credit card or
PayPal which offer protection and an avenue for recompense.
TEAM NEWS
We have recently been successful in recruiting to the position of Anti-Crime Team Manager
within the team. Gary Roe joined us in mid January to take up this position. Gary brings with
him a wealth of experience in the role, having previously worked as a Local Counter Fraud
Specialist at 360 Assurance (and its predecessor organisation) for 7 years before taking up a
role at a provider organisation as a Compliance Manager for a period of 2 years. Gary will
operationally manage the pro-active fraud work and investigations carried out by 360 Assurance and can be
contacted on 07827 283030 or [email protected].
[email protected]
5
Fraudulent Times
ACS Contacts
Deputy
Director
Allan Mason
Telephone: 0116 225 6114
Mobile: 07976411727
Email: [email protected]
Principal AntiCrimeSpecialist
(Notts & Derbys)
Joanna Clarke
Telephone: 0115 883 5322
Mobile: 07816272666
Email: [email protected]
Responsible for: Nottingham University Hospitals
NHS Trust, East Midlands Ambulance Service
NHS Trust
Principal AntiCrime Specialist
(Leics & Lincs)
Matthew Curtis
Telephone: 0116 225 6122
Mobile: 07920138329
Email: [email protected]
Responsible for: Leicestershire Partnership NHS
Trust. Lincolnshire Partnership NHS Foundation
Trust
Anti-Crime
Specialist
Alex Holden
Telephone: 0116 225 6121
Mobile: 07920138835
Email: [email protected]
Responsible for: Derbyshire Health United,
Nottingham CityCare Partnership CIC, Derby
Teaching Hospitals NHS Foundation Trust,
Leicester City CCG, West Leicester CCG, East
Leicester & Rutland CCG
Anti-Crime
Specialist
Claire Croft
Telephone: 01709 428710
Mobile: 07920138354
Email: [email protected]
Responsible for: Barnsley Hospital NHS
Foundation Trust, Sheffield Teaching Hospitals
NHS Foundation Trust, Rotherham CCG,
Barnsley CCG
Anti-Crime
Specialist
Liz Coleman
Telephone: 0115 8835320
Mobile: 07920138329
Email: [email protected]
Responsible for: Nottinghamshire Healthcare
NHS Trust
[email protected]
Assistant Director
Anti-Crime Services
Penny Gee
Telephone: 0115 883 5323
Mobile: 07715807250
Email: [email protected]
Responsible for: Derbyshire Community Health
Services NHS Foundation Trust, Derbyshire
Healthcare NHS Foundation Trust
Principal AntiCrime Specialist
(South Yorks)
Robert Purseglove
Telephone: 01709 428701
Mobile: 07827842964
Email: [email protected]
Responsible for: Sheffield Health and Social Care
NHS Foundation Trust, Chesterfield Royal
Hospital NHS Foundation Trust, Sheffield
Children’s NHS Foundation Trust, Sheffield CCG
Anti-Crime
Specialist
Ian Morris
Telephone: 0116 225 6120
Mobile: 07920138606
Email: [email protected]
Responsible for: Nottingham North & East CCG,
Nottingham West CCG, Rushcliffe CCG, North
Derbyshire CCG, Erewash CCG, Hardwick CCG
Anti-Crime
Specialist
Amanda Smith
Telephone: 01709 428701
Mobile: 07920138323
Email: [email protected]
Responsible for: Rotherham Doncaster & South
Humber NHS Foundation Trust, The Rotherham
NHS Foundation Trust, Doncaster CCG,
Bassetlaw CCG
Anti-Crime
Specialist
Matthew Evans
Telephone: 0115 883 5321
Mobile: 07902045237
Email: [email protected]
Responsible for: Sherwood Forest Hospitals
NHS Foundation Trust, Circle Health Limited
Anti-Crime
Specialist
Beverley Graham
Telephone: 0116 225 6112
Mobile: 07584521340
Email: [email protected]
6