August 22, 2011

Cyber Crime And Health

By  Michael D. Shaw

It has been said that generals always seem to be fighting the last war. The implication, of course, is that the strategies and tactics that may have worked in the past are either not as effective, or are completely ineffective when applied to current battles. Another aspect of this has the generals ignoring threats that were minor or even unheard of in the last war.

Computer-related offenses are as old as computing itself, but rose to new heights with the growth of the Internet in the late 1990s. For too long, viruses, malware, and outright fraud were somehow perceived as being far less harmful than they really were. And, in the rare cases where the perps were actually caught, sentencing was inadequate because the legal system had no means in place to deal with the problem. Moreover, the perps—largely computer geeks—did not fit anyone’s stereotype of a dangerous offender. To some observers, this was not even “real crime.”

Indeed, the creator of 1999’s Melissa virus, which caused more than $80 million in damages, got 20 months of custodial service and a $7,500 fine. The Loveletter virus—coming out one year later—was said to have caused an incredible $7 billion in damages, but the Philippines-based perp got off scot-free since there were no applicable laws in his country.

While the “no borders” nature of computer-related offenses certainly undermines enforcement efforts, international cooperation is increasing. Responsible agencies have been established in many countries.

In the US, the Internet Crime Complaint Center has been established as a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.

The growing problem of medical identity theft has been discussed in this column, and it is a significant—and very damaging—area of health-related cyber crime. But, it is not the only variety.

Given the relatively high price of pharmaceutical drugs in the US, thousands of people have turned to online sources for some of their medications. Most of these sources do not require a prescription, and that alone is a violation of federal law. Beyond this, the drugs might be diluted, counterfeit, or tainted. Sometimes, the drugs are never supplied at all.

Where a questionnaire is required, it might be evaluated by a real physician, but Internet pharmacies often attract doctors with troubled work histories including financial problems, substance abuse issues, and legal difficulties. Bargain-seeking patients often forget that many drugs are quite powerful biochemical agents, and it is essential to have regular follow-up—in person—by a doctor. To forgo this can present serious health risks.

In April, 2009, John Henkel of the FDA reported that a 52-year-old Illinois man with episodes of chest pain and a family history of heart disease died of a heart attack in March, 1999 after buying Viagra from an online source that required only answers to a questionnaire to qualify for the prescription. There are also a goodly number of cases involving younger people and such drugs as Vicodin, with sometimes fatal consequences.

Other health-related cyber scams include:

• Charity frauds
• Dubious “cures” for serious diseases
• Work-at-home schemes involving medical billing or re-shipment of stolen pharmaceuticals and other merchandise

With all of these, a secondary goal—beyond the initial cash rip off—can be identity theft.

I recently spoke with Joshua McAfee, Vice President Loss Prevention & Fraud for St. Louis based SecureFraud, an industry leader in the field of online fraud protection.

Joshua described a recently closed investigation involving online pharmaceuticals…

A nurse was taking home DEA controlled substances from a hospital emergency room. She also operated a website offering these products for sale, and the site implied that the business was based offshore. Every time she went into the ER to check on a patient, she would grab extra meds, pocket them, and bring them home.

Over the course of about five months, the offender was identified, based on one of SecureFraud’s customers complaining about having received expired meds from the website.

Effective prosecution, says McAfee, is the key to fighting back. Given the multiple auction platforms available to today’s criminals, fencing stolen goods presents far less of a challenge than it did in the past. As such, with $30 billion in organized retail fraud coming from a $150 billion marketplace, there is a huge loss in revenue to the merchants, and a related loss to the states in sales tax proceeds.

SecureFraud offers a variety of protection plans for individuals and businesses. As Joshua says, not only do they make you whole again, they also go after the fraudsters. The company provides a wide range of intelligence led services and resources to businesses around the world, as well.

The old cliché continues to be excellent advice: If it sounds too good to be true, it probably is.