//Blogs - 7 Jul 2017

Phone scams targeting a variety of organisations in the Health industry

AusCERT has recently received numerous reports of phone scams targeting a variety of organisations in the Health industry. The exact nature of the unsolicited calls varies but has included conference and event invites, training sessions, and attempts to confirm personal details of the callee or others in the organisation.  The callers have claimed to be associated with varied groups including GE Healthcare (who have been alerted to this), NEOH and the called organisation itself. Organisations should also be aware that fraudsters claiming to be from various GE businesses (including public reports of criminals using the name of GE Healthcare) often commit recruitment fraud and may do so as part of this activity.

While phone scams such as these are ever present this recent spate of reports we have received specifically from the Health industry suggests the current need for increased awareness amongst Health industry organisatons.

AusCERT encourages members to review their current security awareness of their staff in relation to phone scams and consider alerting staff to this current activity.

Guidelines for staff would include what steps to take when receiving unsolicited calls, the type of information that can and can not be provided, and any reporting guidelines. AusCERT recommends staff are encouraged to report unsolicited or suspicious calls so that organisations can monitor for concerted attacks. AusCERT has received reports of numerous calls to the same organisation (and individual) over a very short period of time.

Information on what to do should also be provided for staff that have been defrauded or provided personal or organisational information.

Useful resources include:

To help gauge how wide spread this activity is AusCERT would appreciate any feedback from organisations that have been targeted.