Aussie drug prescriptions sit pretty for health fraud

Fake prescriptions are often bad, but no one knows what real ones should look like.

Drug dealers that sell prescription steroids, opioids and other “Schedule 8” controlled drugs, are exploiting the lack of consistency in legitimate Australian prescription documents, according to a Queensland Health investigator.

“One of the things that we’ve seen is a fairly significant and increasing escalation in prescription theft and fraud and one of the things we have identified is that identity theft is a big, big part of it,” Rebecca Thompson, Queensland Health Drugs of Dependence Unit Investigations Officer and analyst told AusCERT delegates last week in Queensland.

Older methods that take advantage of the absence of real-time prescription reporting in Australia include ‘doctor shopping’ (for multiple prescriptions) or ‘fossil farming’ where an elderly family member is co-opted to acquire the prescription.

However, Thompson says blank prescription paper theft and forged prescriptions are also on the rise, with the latter spurred on by improved printing, and easier access to information on the web that help fraudsters format a prescription correctly.

“What we’re now seeing is huge amounts of the A4 paper that your doctor runs through your printer to print out a script -- that stuff’s extremely valuable on the illegal market. It’s paper without a script written on it, but it is still a valuable commodity.”

Would-be dealers of anything from injectable steroids, which are not controlled, to highly controlled substances like “Hillbilly heroin”, the opioid Oxycodone, are also testing the waters with higher quality forged documents.

While forged prescriptions often contain tell-tale signs, such as a misplaced logo, incorrect formatting or spelling errors, the wide variety of legitimate prescription documents has made it near impossible even for Medicare Australia staff to identify real from fake documents, she said.

“There isn’t consistency between that legitimate paper,” said Thompson, when asked by a delegate about the quality of paper used for real prescriptions.

“The colour can vary, the font can vary.”

“Unfortunately that has made it quite difficult to the point where I have had to take a couple of hundred samples, each one completely different‚ to Medicare Australia, lay them on the table and say, ‘Could you please tell me if any of these are forged?’.

“To have someone say to me, ‘Uh, they all look fraudulent to me’, kind of left everybody in the room a little bit speechless.”

Thompson highlighted two recent scams that exploited weaknesses in prescription reporting between pharmacies and prescribers.

In 2010, a person or group faxed a batch of prescriptions to several pharmacies in one area. The drugs would be picked up before the mandatory 24 hour period doctors have to submit the original prescription.

In January 2011, Thompson, suggesting an evolution in health fraud, said another large scale attempt employed fake prescriptions for non-controlled injectable steroids that contained roughly accurate printed back and front sides.

“These people were testing a product,” she said, noting that they would wait outside the pharmacy close to a vehicle.

“The people that were doing it obviously wanted to see how the pharmacists engaged with those forged prescriptions.”

While the fraudsters used a lower weight paper than real prescription paper, anyone intending on printing fake prescriptions could do it easily enough by searching Google.

“‘Australian prescription’, that’s all you need and you will get a nice little image that shows you how to write it, how to format it, and even gives you a pretty good idea how to set it out if you’re going to have a crack at it.”

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

More about CERT AustraliaGoogleQueensland Health

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place