We have all received at least one call or message telling us that our system has been compromised, that our software license is about to expire, or that IRS agents are looking for us, and now the calls are about DEA licenses.
In one particular case, con artists sent physicians a phony questionnaire asking for vital, confidential information, including their DEA numbers, Social Security numbers and credit card data. The questionnaire had a cover letter/message claiming that it was updating the physician profile in the State’s Division of Consumer Affairs and that, after the profile was updated, the physician would be able to order controlled substances over the phone or via the Internet.
Similar incidents have happened where, instead of a letter or email, there is a call asking for information and threatening to suspend your license by the end of the day. For example, the script will read something like:
“This is the Department of State. Our records showed that Dr. Snowbird failed to update his profile by the due date and now we will be terminating his license by tomorrow morning. Based on the HITECH Act we will have to report this to the Federal Government which shall be sending agents to conduct an audit ASAP. Please be advised that HITECH mandatory fines are $50,000 per incident and that depending on the fines the Physician and key members of the management team may be facing jail time.”
The script continues building a sense of urgency based on some truths until they know that you, or your office manager, are ready to deal, and that is when they come up with something like:
“I can get in trouble for this but if you pay now $1,500 for administrative costs I could simply enter that information in the system and stop the whole process. I cannot promise anything and I’m risking my job by doing this, but my father was a physician and I understand your position and want to help you. Simply give me a credit card number where we can process these charges and I’ll close the case.”
By agreeing to pay and giving a valid credit card number to an unknown person, you have just opened the door.
The facts and common denominators about these calls are as follows:
Recently I heard in the news about this site (https://haveibeenpwned.com/), which allows you to check whether your email and password have been compromised. Sad to say, “pwned” found that my email has been disclosed in at least 7 breaches in the last couple of years. This means that my information has been compromised at least seven times, and during this whole time I have been unaware of it.
My personal recommendations are simple: