Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s website if updates are necessary while abroad.

Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office and promptly report it to the IC3’s website at www.IC3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.

FBI Warning for Travlers-Laptops-and Hotel Connections originally appeared on The Identity Advocate on May 11, 2012.

Office of Public Affairs (202) 514-2007/ (202) 514-1888

WASHINGTON—Seizure orders have been executed against 36 domain names of websites engaged in the illegal sale and distribution of stolen credit card numbers, Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney Neil H. MacBride of the Eastern District of Virginia, and Acting Executive Assistant Director Kevin Perkins of the FBI’s Criminal, Cyber, Response, and Services Branch, announced today.

The seizures are the result of Operation Wreaking hAVoC, an FBI and Justice Department operation targeting the sale of stolen credit card numbers via the Internet. The operation was coordinated with international law enforcement, including the United Kingdom’s Serious Organised Crime Agency (SOCA).

The 36 seized domains are in the custody of the federal government. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.

“The websites we are targeting today were commercial outlets for stolen credit card information,” said Assistant Attorney General Breuer. “By making this information available on the Internet, these websites facilitated fraud on credit card holders around the world. The actions announced today are the result of extraordinary coordination with our international law enforcement partners and reflect our commitment to use every tool at our disposal to shut down fraudulent, criminal enterprises.”

“Countless lives are thrown into financial turmoil because of these websites,” said U.S. Attorney MacBride. “With a few simple clicks, thousands of stolen credit card numbers can be bought or sold to fraudsters anywhere in the world. Today’s seizures are part of an ongoing campaign to disrupt this online market regardless of where it operates.”

“By seizing the websites the criminal underground uses to blatantly sell stolen personal information, Operation Wreaking hAVoC shows that we are committed to protecting individuals online and preventing criminals from using the Internet to line their pockets,” said FBI Acting Executive Assistant Director Perkins. “The FBI and our partners around the world are committed to disabling these criminal networks. No single law enforcement agency can fight cyber crime on its own, and the FBI is proud to be a part of such an outstanding effort by all of the participating agencies.”

The websites of the seized domain names are commonly referred to as Automated Vending Carts (AVCs). An AVC is a website that functions as an open-ended invitation to any visitor to purchase stolen credit card numbers. AVCs allow a user to buy stolen credit card data over the Internet, even using an online shopping cart, just like a traditional online retailer. Some AVC sites allow a buyer to select which type of credit card number to purchase, the account’s country of origin, and, in some cases, the state in which the account holder lives. AVCs allow sellers to traffic stolen credit card data without communicating directly with buyers.

During this operation, law enforcement officials made undercover purchases of credit card numbers, including credit card numbers issued by Bank of America, SunTrust, and Capital One. The banks confirmed that the sites were not authorized to sell the credit card numbers. Seizure orders were obtained from a federal magistrate judge in the Eastern District of Virginia.

This U.S. operation was led by FBI’s Washington Field Office; the Computer Crime and Intellectual Property and Asset Forfeiture and Money Laundering Sections of the Justice Department’s Criminal Division; and the U.S. Attorney’s Office for the Eastern District of Virginia. The FBI’s Pittsburgh Field Office and the U.S. Attorney’s Office for the Western District of Pennsylvania also assisted in the investigation.

The international operation was led by the United Kingdom’s SOCA. The Australian Federal Police (AFP); German Bundeskriminalamt (BKA); United Kingdom’s Dedicated Cheque and Plastic Crime Unit (DCPCU); Macedonian Ministry of Interior Cyber Crime Unit (MOI); Ukraine Ministry of Internal Affairs; Romanian Ministry of Interior; and the Dutch High-Tech Crimes Unit (KLPD) provided assistance. Activities conducted by these international law enforcement agencies included arrests of AVC operators and purchasers, additional domain seizures, and data seizures.

FBI Press Release – sale and distribution of stolen credit card numbers originally appeared on The Identity Advocate on April 30, 2012.

As more and more baby boomers reach their golden years, more and more of them need the services of homecare and hospice agencies. This rapid influx is good for the industry, but agencies need to be as vigilant as ever in their hiring practices of caregivers.

Why? Because medical identity theft is on the rise, and homecare and hospice agencies are easy targets. You need to take immediate action to safeguard your agency, reputation, and clients from the growing threat of medical identity theft.

Medical identity theft is an insidious crime in which an identity thief uses someone else’s identity to gain access to medical services, treatment, or equipment. Since elderly patients are particularly vulnerable to the dangers of medical identity theft, your agency must take extra precautions. This includes stringent hiring protocols and foolproof IT policies and procedures.

Most agencies consult with experts to ensure their entire operation is protected from medical identity theft. Through a comprehensive review of the organization, medical identity theft experts ensure that homecare and hospice agencies:
• Perform thorough background checks on all employees: Employees are the first line of defense to prevent medical identity theft, so it’s critical that homecare and hospice agencies put employees through a rigorous screening process. A medical identity theft expert assists with criminal background checks, speaking with references, and setting up a system for maintaining extensive employee records.
• Create medical identity theft policies and procedures: Professional agencies need to have a strict set of policies and procedures in place to safeguard protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA).
• Ensure patient records are secure: Agencies should also have a secure IT network that only allows authorized users to access sensitive patient information. A medical identity thief can run rampant and ruin lives with the push of a button unless safeguards are built into the system. Complex passwords should be implemented only for those employees who need access to patient records.
• Make sure both the doctors and patients are “real”: Many medical identity thieves prey on the system by actually impersonating doctors and patients for monetary gain. This includes pretending to be a doctor to prescribe medication for the thief and/or his cohorts, as well as using another person’s insurance card to obtain medical services. Do your homework to ensure that physicians have professional references and admitting privileges to medical facilities.

As a homecare or hospice agency, you can significantly reduce your vulnerability to medical identity theft by working with a medical ID theft expert. Visit www.TheIdentityAdvocate.com or call 310.831.4400 to schedule your comprehensive medical identify theft review. And, don’t forget to ask how you can safeguard your agency with an eye-opening “Lunch and Learn” for your employees.

Hospice – Homecare – Preventing Medical Identity Theft originally appeared on The Identity Advocate on April 26, 2012.

Data Breaches and Electronic Health Records more source for Identity Theft originally appeared on The Identity Advocate on April 12, 2012.

Medical identity theft is a growing threat in the nefarious world of identity theft. Although it is not as well-known as financial identity theft, the impact of medical identity theft is long-lasting and life-threatening. It affects one in four Americans and accounts for three percent of all identity theft cases, or approximately 250,000 cases per year. With only one arrest made in every 700 cases, medical identity theft costs consumers and businesses nearly $60 billion each year.

Unfortunately, the financial costs of medical identity theft are only part of the problem. In addition to the devastating economic ramifications, medical identity theft can literally be a matter of life and death. An incorrect entry such as an allergy or blood type in the medical records of a victim can lead to serious reactions or death.

This informative, unforgettable presentation takes participants step-by-step through the dangers physicians, patients, and businesses face, as well as tried and true strategies for preventing medical identity theft. Attendees learn:
• Common tactics thieves use to gain access to personal information
• How to spot medical identity theft
• Latest scams
• Strategies to implement to prevent medical identity theft
• Immediate actions to take if you become a victim

Thursday, March 22nd
10:00-11:30am

Offices of Financial Network
25500 Hawthorne Blvd., Suite 1140
Torrance, CA 90505
Guest Speaker: Linda Vincent, RN. PI.
Linda Vincent is a registered nurse and private investigator with a firm belief in education. She is an identity theft and healthcare fraud prevention expert, specializes in medical consulting and investigations. With over 35 years of experience in healthcare her experience includes hospital and physician audits, managed care consulting, and healthcare fraud education, training, investigations, negotiations, and case review.
Ms. Vincent, as the Founder of The Identity Advocate is committed to providing unparalleled education, consulting, resources, and investigations to help protect professionals, corporations, and consumers from the perils of identity theft and healthcare fraud.
RSVP to Mark Tsujimoto at: (310) 373-7351 x304 or tsujimotom@financialnetwork.com
as seating is limited

Linda Vincent to speak at Offices of Financial Network, Torrance, CA – Thursday, March 22nd 10:00-11:30am originally appeared on The Identity Advocate on March 19, 2012.

Identity Theft using your Tax Return originally appeared on The Identity Advocate on February 28, 2012.

But the information being stolen could be yours. Your Social Security number, credit card information, medical information—and pretty much any other personal data you can think of—can be hacked. If it does, your identity could be used to rack-up thousands of dollars of debt that you only find out about months later. On average, restoring your good name can take as much as 6,000 hours as well.

One of the most devastating and potentially deadly forms of data breaches involves stolen electronic medical records and the resulting medical identity theft. Hackers can wreak havoc by stealing your personal health information to either sell or use themselves to impersonate you when they need medical treatment. If an identity thief gets medical treatment using your name, the thief’s medical information—such as test results, allergies, blood type, or illnesses—will become part of your medical file. Certain conditions or procedures performed using your good name can prevent you from being able to get health insurance or even receive the medical help you need.

Here are a few of the many medical data breaches where hackers have left their indelible mark:
• A December 2011 report by the Privacy Right Clearinghouse Sensitive estimated that three of the six largest data breaches in 2011 compromised 11 million patient records and healthcare organizations
• According to the Ponemon Institute, healthcare data breaches alone were up 32 percent and the average data breach loss cost $7.2 million in 2010
• The Identity Theft Resource Center stated that the theft of medical data increased by 50 percent in 2011
• 385 protected health information (PHI) breaches have affected over 19 million records since 2009
• Medical records accounted for more than one third of all records lost to data breaches in 2011
• According to Redspin, there was a 97 percent increase in medical records breached in 2011 compared to 2010

These statistics are scary, to say the least. From individuals to private practices to large corporations, medical identity theft can do irreparable harm. But it doesn’t have to. One of the most effective ways to protect yourself and your business from medical identity theft is to be proactive. Enrolling in a service such as Entrust America, the only identity theft prevention and recovery service with a 100% track record of recovering stolen identities over the past five years, is the best way to safeguard your identity.

Entrust America’s medical identity theft prevention and recovery services include:
• A 24/7 hotline to call if you suspect you have been a victim of medical identity theft. Entrust America’s on-call identity theft specialists quickly determine whether a fraud has occurred and, if so, which of the over forty different kinds of identity theft have been committed.
• Overnighting an ID Theft Resolution Kit that includes forms to be submitted to the IRS, DMV, Social Security Administration, and the three credit reporting agencies to notify them that a theft has occurred.
• Reporting the medical identity theft to your local authorities and creditors, requesting that creditors cancel existing cards and issue new ones, and placing a security freeze on your credit records that lasts for seven years.
• Contacting you with status updates whenever there is activity on your case, and following-up with creditors to ensure they properly repair your accounts.
• Recovery specialists who are all law enforcement professionals. They have the time and expertise to immediately launch a full investigation into your medical identity theft, completely reverse damages, and bring the identity thieves to justice.
• Recovery of your identity to pre-theft status. No other identity theft prevention and recovery company has a better track record of reducing the likelihood of your identity being compromised. Entrust America gives you total peace of mind.

Entrust America is not just for individuals. Professional medical practices and corporations alike can protect themselves from data breaches that can cost millions of dollars and put patients and employees at risk.

Hackers and the Growing Threat of Medical Identity Theft originally appeared on The Identity Advocate on February 22, 2012.

Office of Public Affairs (202) 514-2007/TDD (202)514-1888

WASHINGTON—Attorney General Eric Holder and Department of Health and Human Services (HHS) Secretary Kathleen Sebelius today released a new report showing that the government’s health care fraud prevention and enforcement efforts recovered nearly $4.1 billion in taxpayer dollars in fiscal year (FY) 2011. This is the highest annual amount ever recovered from individuals and companies who attempted to defraud seniors and taxpayers or who sought payments to which they were not entitled.

These findings, released today in the annual Health Care Fraud and Abuse Control Program (HCFAC) report, are a result of President Obama making the elimination of fraud, waste, and abuse a top priority in his administration. The success of this joint Department of Justice and HHS effort would not have been possible without the Health Care Fraud Prevention & Enforcement Action Team (HEAT), created in 2009 to prevent fraud, waste and abuse in the Medicare and Medicaid programs, and to crack down on the fraud perpetrators who are abusing the system and costing American taxpayers billions of dollars. These efforts to reduce fraud will continue to improve with the new tools and resources provided by the Affordable Care Act.

“This report reflects unprecedented successes by the Departments of Justice and Health and Human Services in aggressively preventing and combating health care fraud, safeguarding precious taxpayer dollars and ensuring the strength of our essential health care programs,” said Attorney General Holder. “We can all be proud of what’s been achieved in the last fiscal year by the department’s prosecutors, analysts and investigators—and by our partners at HHS. These efforts reflect a strong, ongoing commitment to fiscal accountability and to helping the American people at a time when budgets are tight.”

“Fighting fraud is one of our top priorities and we have recovered an unprecedented number of taxpayer dollars,” said Secretary Sebelius. “Our efforts strengthen the integrity of our health care programs, and meet the President’s call for a return to American values that ensure everyone gets a fair shot, everyone does their fair share, and everyone plays by the same rules.”

Approximately $4.1 billion stolen or otherwise improperly obtained from federal health care programs was recovered and returned to the Medicare Trust Funds, the Treasury and others in FY 2011. This is an unprecedented achievement for HCFAC, a joint effort of the two departments to coordinate federal, state and local law enforcement activities to fight health care fraud and abuse.

The recently enacted Affordable Care Act provides additional tools and resources to help fight fraud that will help boost these efforts, including an additional $350 million for HCFAC activities. The administration is already using tools authorized by the Affordable Care Act, including enhanced screenings and enrollment requirements, increased data sharing across government, expanded overpayment recovery efforts, and greater oversight of private insurance abuses.

Since 2009, the Departments of Justice and HHS have enhanced their coordination through HEAT and have increased the number of Medicare Fraud Strike Force teams. During FY 2011, HEAT and the Medicare Fraud Strike Force expanded local partnerships and helped educate Medicare beneficiaries about how to protect themselves against fraud. The departments hosted a series of regional fraud prevention summits around the country, provided free compliance training for providers and other stakeholders and sent letters to state attorneys general urging them to work with HHS and federal, state and local law enforcement officials to mount a substantial outreach campaign to educate seniors and other Medicare beneficiaries about how to prevent scams and fraud.

In FY 2011, the total number of cities with strike force prosecution teams was increased to nine, all of which have teams of investigators and prosecutors from the Justice Department, the FBI and the HHS Office of Inspector General, dedicated to fighting fraud. The strike force teams use advanced data analysis techniques to identify high-billing levels in health care fraud hot spots so that interagency teams can target emerging or migrating schemes along with chronic fraud by criminals masquerading as health care providers or suppliers. In FY 2011, strike force operations charged a record number of 323 defendants, who allegedly collectively billed the Medicare program more than $1 billion. Strike force teams secured 172 guilty pleas, convicted 26 defendants at trial and sentenced 175 defendants to prison. The average prison sentence in strike force cases in FY 2011 was more than 47 months.

Including strike force matters, federal prosecutors filed criminal charges against a total of 1,430 defendants for health care fraud related crimes. This is the highest number of health care fraud defendants charged in a single year in the department’s history. Including strike force matters, a total of 743 defendants were convicted for health care fraud-related crimes during the year.

In criminal matters involving the pharmaceutical and device manufacturing industry, the department obtained 21 criminal convictions and $1.3 billion in criminal fines, forfeitures, restitution and disgorgement under the Food, Drug and Cosmetic Act. These matters included the illegal marketing of medical devices and pharmaceutical products for uses not approved by the Food and Drug Administration (FDA) or the distribution of products that failed to conform to the strength, purity or quality required by the FDA.

The departments also continued their successes in civil health care fraud enforcement during FY 2011. Approximately $2.4 billion was recovered through civil health care fraud cases brought under the False Claims Act (FCA). These matters included unlawful pricing by pharmaceutical manufacturers, illegal marketing of medical devices and pharmaceutical products for uses not approved by the FDA, Medicare fraud by hospitals and other institutional providers, and violations of laws against self-referrals and kickbacks. This marked the second year in a row that more than $2 billion has been recovered in FCA health care matters and, since January 2009, the department has used the False Claims Act to recover more than $6.6 billion in federal health care dollars.

The fraud prevention and enforcement report announced today coincides with the announcement of a proposed rule from the Centers for Medicare and Medicaid Services aimed at recollecting overpayments in the Medicare program. Before the Affordable Care Act, providers and suppliers did not face a deadline for returning taxpayers’ money. Thanks to the Affordable Care Act, there will be a specific timeframe by which self-identified overpayments must be returned. The Obama Administration has made prevention and recollection of overpayments a government-wide priority. These announcements today are just the latest in a series of steps that the administration is taking to protect taxpayer dollars and keep money in the pockets of Americans.

The HCFAC annual report can be found here, oig.hhs.gov/publications/hcfac.asp. For more information on the joint DOJ-HHS Strike Force activities, visit: www.StopMedicareFraud.gov/.