By Phil Englert
As Erin Hager, a Diversion Investigator with the Drug Enforcement Administration (DEA), outlined the alarming extent and methods of fraud within electronic prescribing systems for controlled substances, everything clicked. Drug fraud, a concern I had often heard of throughout my healthcare career, always felt like a distant problem – someone else’s to solve. But as I reflected on the role of medical device maintenance, the connection became clear: while not direct targets, these devices often serve as entry points because of weak controls and systemic access to interconnected data systems.
Electronic prescription (eRx) fraud is a mounting crisis in healthcare, bringing with it severe financial, ethical and public health repercussions. Originally designed to streamline prescribing, reduce errors and combat written prescription fraud, eRx systems also aimed to curb over-prescribing and medication misuse, particularly opioids. However, the very interconnectedness of these systems has made them vulnerable to advanced fraud schemes.
One of the most insidious methods involves social engineering, where human vulnerabilities – not technical flaws – are exploited. Fraudsters deploy tactics like phishing emails, impersonation or deceptive phone calls to acquire physicians’ credentials. For instance, scammers posing as IT support might request a password reset to gain unauthorized access to a physician’s eRx account. Once inside, they can issue prescriptions for controlled substances without the physician’s awareness.
Fraudsters often escalate their operations by creating multiple fake accounts linked to the compromised physician. Using these accounts, they can issue an overwhelming volume of prescriptions in mere days. In one recent case, a single physician’s identity was used to generate 800 prescriptions over 72 hours, with orders sent to multiple states. This not only amplifies the fraudsters’ profits but also complicates detection and enforcement.
The scope of eRx fraud is staggering. Even when only a small fraction of fraudulent prescriptions – sometimes 12 to 155 – are successfully filled, the impact can be devastating. Controlled substances like opioids fuel addiction, jeopardize public health and erode trust in the medical system. Financially, the toll is immense. Healthcare fraud as a whole cost tens of billions of dollars annually, with some estimates suggesting it accounts for 3% to 10% of total healthcare expenditures – amounting to over $300 billion per year in the United States. eRx fraud is a significant and growing contributor to this financial hemorrhage.
Dark web criminals have honed their methods, from stealing healthcare providers’ identities to infiltrating electronic health records (EHRs). Their activities highlight numerous red flags – warning signs that often go unnoticed or unaddressed. Erin Hager refers to these red flags as akin to those on a beach, warning of dangerous waters ahead. Recognizing and responding to these signals is critical, and it requires a collective effort.
Some common red flags include physicians suddenly losing access to their phones, potentially because of spoofed SIM cards used to bypass multi-factor authentication (MFA). Electronic medical record (EMR) systems should flag instances where physicians create multiple accounts – another indicator of fraudulent activity. High-volume prescribing of commonly abused drugs like oxycodone 30mg, promethazine with codeine, or alprazolam is another glaring warning. An account issuing prescriptions at an unusually rapid pace – whether tens within minutes or hundreds over a few days – demands immediate scrutiny.
Advanced analytics and artificial intelligence present powerful tools to identify irregular prescribing patterns, such as sudden surges in prescriptions from a single physician or activity spanning multiple states. These technologies can help uncover fraud quickly, limiting its scope and impact. Furthermore, combating eRx fraud necessitates collaboration among healthcare providers, insurers, government agencies and other stakeholders. Sharing intelligence on emerging schemes and best practices can strengthen defenses and create a unified front.
Ultimately, electronic prescription fraud jeopardizes the integrity of the healthcare system. Understanding its mechanisms – such as compromised credentials, fraudulent accounts, and mass issuance of prescriptions – is the first step toward effective prevention. Coordinated efforts, advanced technology and vigilance are essential to mitigate the financial and societal costs of eRx fraud and to ensure that electronic prescribing lives up to its promise of improving patient care.
For healthcare technology management (HTM) professionals, securing medical devices and their connected systems is more critical than ever. We cannot allow bad actors to exploit digital vulnerabilities to perpetuate abuse and fraud.
