Cybersecurity and Fraud Protection

Validating Your Vendors Could Prevent Medical Equipment Fraud

Personal protective equipment (PPE) fraud has surged during the COVID-19 pandemic—these tips could help your business from falling victim.


As the global COVID-19 health emergency continues, demand for personal protective equipment (PPE) and other medical supplies vastly exceeds supply. Criminals are taking advantage of this shortage to launch advance fee and business email compromise (BEC) schemes against businesses, government agencies and healthcare organizations.

The FBI has reported an escalation in these types of schemes where criminals—claiming to have medical supplies for sale—contact organizations in desperate need. In response, companies wire the funds to the criminals before receiving the equipment. The criminals then disappear with the money without delivering the supplies. In some circumstances, companies are being approached by well-meaning brokers who are, in turn, being deceived by criminals who falsely claim they will deliver supplies through the broker.

Organizations should exercise increased caution when purchasing medical supplies during COVID-19 from any broker or vendor, domestic or international. Consider these tips for validating any vendor to help to protect your organization.

 

Vendor Validation Tips

1. Collect and maintain identifying information from all parties—including producers and any intermediaries—involved in any medical supply transaction, including:

  • Business and owner’s names, addresses, phone numbers and email addresses
  • Company websites
  • Business Tax ID number
  • Any financial data for the transaction, such as financial institutions and account numbers
  • Business references

2. Research the entities and individuals involved in the transaction. Useful research methods may include these and other activities:

  • Searching official business records on government websites, such as the secretary of state’s website in the state where the business claims to operate. Be cautious of businesses that have no records or were recently created.
  • Using online map services to identify whether the vendor’s listed address appears to be a valid business address. Be wary of addresses that are associated with a personal residence, hotel or post office.
  • Searching for negative media stories on the business or owners.
  • Searching online local government real estate records, such as county property appraisal websites, to identify whether the addresses listed are associated with the business or owners’ names.
  • Identifying businesses and owners on social media. Be suspicious of organizations that don’t show any employees on employee-oriented social media sites.
  • Engaging your information technology staff to research any provided email or website domains. Be suspicious of any newly registered domains.
  • Confirming any business references provided. If the references appear valid, contact them to determine if they received any supplies and the condition of the supplies.

3. Review any invoices and validate any information provided, such as phone numbers and email addresses.

4. Hire a professional consulting firm or use paid online tools that specialize in investigations and due diligence services to assist with vendor validation. Government clients should engage their law enforcement partners to assist in researching the entities involved in the transaction.

5. Investigate any transaction that requires a full or substantial down payment before the product can be shipped. Clients should consider identifying ways to verify the supplier and the goods to be provided.

6. Review medical supply manufacturer’s websites for information related to the purchase of critical supplies, such as N95 masks and other in-demand PPE. 

7. Report any suspicious activity to the FBI through the IC3.gov website or by contacting your local FBI field office.

Business Resiliency Healthcare covid19 Cybersecurity and Fraud Protection