Current context, risks and challenges

The importance of protecting the NHS from fraudulent activity.

The nature and challenge of fraud

Fraud is the most commonly experienced crime in the UK and poses a significant challenge. The very nature of fraud changes over time and evolves to take account of new opportunities and different methodologies. Crime groups attack the UK public sector and government departments, including the NHS, and billions are estimated to be lost to tax and benefit fraud each year.

Healthcare expenditure in 2021 was estimated at £277bn, which was an increase in nominal terms of 7.4% on spending in 2020. The NHSCFA has assessed, that, in the context of a 2021 to 2022 NHS budget in England of almost £150.614bn, that the NHS is vulnerable to fraud, bribery and corruption to an estimated £1.198bn.

The challenge for the Government in protecting the public sector from fraud remains significant, with increasing pressure to support those who may be struggling, be it for economic or health reasons.

Fraudulent activity in the NHS means money intended for patient care and funded by the taxpayer ends up in the pockets of those who did not legitimately earn it. This means less money is available to spend on frontline health services such as patient care, health care facilities, doctors, nurses and other staff. There is a reduced ability to invest in new and improved equipment and technology, fewer clinical interventions, and a general diminution in the sustainability of an NHS which remains free at the point of delivery. It is important that there is a demonstrable benefit in having a strong and effective counter-fraud capability.

Continually reviewing and assessing risk

This estimated vulnerability represents less than 1% of the entire NHS budget in England.

That calculation is derived through:

  • reporting routes that we manage
  • loss measurement exercises
  • comparators with similar areas in government where more is known

Our annual strategic intelligence assessment identifies risk in three categories:

  • financial vulnerability
  • likelihood of the risk occurring
  • the impact if it does occur

Cyber-enabled fraud is the most prevalent crime in the UK and current analysis and threat reporting shows no sign of abatement. The scale of NHS finances and associate payments, and the personal data that is held, make the NHS at risk of cyber-enabled fraud.

Consequences include payment-diversion fraud, data theft, and system-unavailability through routes such as phishing and ransomware, facilitated through exploitation of IT vulnerabilities, credential-theft and account compromise and whaling (the targeting of senior executives through social engineering including phishing).

Working across the Four Nations

" We have a collective determination to work together to find, report and stop NHS fraud across the UK. Our joint agency approach involves exploring opportunities and sharing knowledge, skills, expertise, and intelligence. We know that by doing this and understanding how each territory operates we can continue to develop and deliver the most effective counter fraud measure across England, Scotland, Wales, and Northern Ireland, ensuring that NHS funds go to patient care and not into the hands of fraudsters. "

4 Nations Partners across England, Scotland, Wales and Northern Ireland - Graham Dainty, Counter Fraud Wales, Donna Scott, Health & Social Care Northern Ireland, Gordon Young, NHS Scotland, Tricia Morrison, NHS Counter Fraud Authority

Help us improve

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!