June 20, 2019

What happens when a hospital gets 4,500 scam calls in just 2 hours?

Daily Briefing

    Last April, Tufts Medical Center received almost 5,000 scam phone calls in two hours—bringing communications at the hospital to a standstill. It's not the only health care provider to be hit with these "robocalls," which threaten the safety and privacy of hospital workers and patients, Tony Romm reports for the Washington Post.

    Hospitals call for action against robocalls

    Hospitals across the country are falling victim to robocall attacks, and in recent months, the problem has only gotten worse, according to Romm.

    Scammers often use a "spoof" number that looks similar to local phone numbers, with the idea being to trick the person on the other end into believing that the call is coming from a legitimate local caller or perhaps even a patient in need.

    When hospital workers see calls like this, Steven Cardinal, a top security official at the Medical University of South Carolina, explained, "They can't not pick them up." He added, "They don't have any indicator it's a spoof until they answer it."

    En masse, these calls can present a dangerous challenge to providers. What the hospitals fear most, according to Romm, is that the robocallers will eventually "outmatch" their efforts to keep the phone lines free during emergencies, which could "create the conditions for a potential health crisis."

    Speaking on behalf of several leading health care organizations before a congressional committee in May, Dave Summitt, the Chief Information Security Officer at the H. Lee Moffitt Cancer Center and Research Institute, pleaded that Congress take action to stop the spam calls. He stressed that robocalls are a "serious threat" to his Tampa-based facility, and he had faced difficulty in seeking help from the center's telecom carrier.

    The testimony was part of a House Energy and Commerce Committee hearing on several pieces of legislation that aim to crack down on scam callers.

    A lobbying organization that represents telecommunications companies, including AT&T and Verizon, said the industry has been working to implement new technology to alert customers to scam calls. "There is no single solution to ending the scourge of robocalls, but progress is being made every day," said Patrick Halley, an SVP at USTelecom.

    The incident at Tufts Medical

    But in the meantime, health care providers are dealing with a deluge of calls.

    Tufts Medical Center in Boston is one of those providers. It received more than 4,500 robocalls between 9:30 and 11:30 a.m. on April 30, 2018, according to Taylor Lehmann, chief information security officer of the medical center.

    The phone calls had the same message and were from the same source. In the messages, a person, speaking in Mandarin, threatened deportation unless the person on the other end of the phone gave them their personal information.

    This particular type of call, according to Romm, targets immigrants or foreigners who may hand over their personal information out of fear that their families and their place in the country are at risk.

    The calls are common, but were especially concerning for Tufts Medical Center, which is located in Boston's Chinatown neighborhood. According to Lehmann, Windstream, their telephone carrier, failed to block the calls when alerted to the issue and told Tufts "[t]here's nothing we could do."

    According to Thomas Whitehead, VP of federal government affairs at Windstream, Tufts' robocall surge was due to the center's older phone technology. "We do have a call-blocking solution we offer," he explained. "We just couldn't offer it on their system." Whitehead said Windstream is still following up with the medical center on last year's incident.

    The slow robocall crackdown

    Currently, top telecom companies are working to establish technologies that would label robocalls as spam, but it would take many months to implement the technology across the country, according to Romm.

    Meanwhile, the robocall problem is getting worse, with hospitals claiming "that government regulators and phone companies have been slow to help."

    On the regulatory side, the Federal Communications Commission recently has ramped up efforts to identify and fine people behind the scam calls, but "has stopped short of fully rewriting the nation's anti-robocall rules, something experts say would be necessary to truly stop the scourge," Romm writes.

    In Congress, lawmakers have put forward legislation to crack down on robocalls, but still have yet to pass any legislation.

    Back on the ground, "hospital leaders have labored to train staff and warn them of potential fraud," Romm writes. The "disruptions," Lehmann said, "add up to being a big deal" (Romm, Washington Post, 6/17).
