Franciscan St. Francis Health Patients Targeted by Phone Scammers
Franciscan St. Francis Health, a health system serving patients in Indianapolis and south-central Indiana, has been alerted to a new telephone scam targeting its patients.
St. Francis was recently contacted by a patient who had been contacted by telephone and told she was required to pay an outstanding debt for a pacemaker provided by the hospital. The call appeared to emanate from within Franciscan St. Francis. The telephone number used for the call appeared to be from the hospital’s internal phone system.
The patient, a 78-year old woman, was given two choices. Pay the debt or return the pacemaker if it had not been used. Fortunately, the woman felt that something wasn’t right and contacted the hospital and discovered the call was a scam.
It is unclear how the scam artist obtained the phone number of the patient, or how that person was aware of the medical device used by the woman.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
According to a statement issued by the hospital to CBS, the caller ID of the hospital had been spoofed to make the call appear to have come from the hospital. The matter has now been reported to Indianapolis Metropolitan police and the incident is being investigated.
This is not the first hospital to be targeted by criminals in this manner. The spoofing of caller IDs is a tactic increasingly being used by scammers to try to obtain money from consumers. Scammers are using spoofed caller IDs to impersonate hospitals, health insurers, banks, and even Police departments.
Spoofed numbers are used for phone calls, but they also for text messages. With a spoofed number, the text messages are added to the group of legitimate messages received from a company. This adds even more legitimacy to the scam.
A request for payment of a debt to cover a medical device that had previously been provided would likely arouse suspicion, but some vulnerable patients may be fooled into providing credit card numbers to allow a payment to be taken.
While some institutions may attempt to contact patients via the telephone in an attempt to recover outstanding debts, a written notice must be issued on request. If for any reason the caller is unwilling or unable to send a written notice in the mail, it is a sure sign that it is a scam.
Telephone scams using spoofed caller IDs are also used by criminals to obtain login credentials by impersonating IT departments. It is therefore important to instruct employees never to provide login credentials over the telephone and to be wary of telephone scams as well as email phishing scams.
