Request regarding Fraud and scams perpetrated by outsiders to NHS

Published: 2 June 2021

Information requested

My request relates to consumer-style frauds suffered by NHS bodies including trusts, clinical commissioning groups and other NHS organisations.

My request pertains only to fraud and scams perpetrated by outsiders to the NHS, and would exclude any frauds undertaken by staff, agency workers, contractors or patients.

It would include mandate fraud and salary redirection fraud, cloned NHS credit cards, phishing emails, smishing texts and vishing phone calls, push payment fraud and similar deceptions designed to steal from the NHS.

In each case, I understand that records may be incomplete, and if this is the case, I would like whatever figures are available, together with their dates, to give the most accurate view possible.

Here is what I am requesting:

  1. The amount during each calendar year for the last five years the NHS has lost to fraud and scams as described above. This would include the year to date as one of those five years.
  2. For each fraud or scam of more than £20,000 the nature of the fraud or scam, particularly:
    1. The date the money was lost
    2. The target organisation within the NHS e.g. the trust, CCG etc
    3. How much was lost
    4. How the money was lost - the methodology the scammers used
    5. What efforts were made to reclaim the lost funds

How successful those efforts were.

NHSCFA response

Attached is a spreadsheet containing the information in your request, (including comments on the data extracted).

With reference to Question 2 (e) I am unable to provide the information.

You ask ‘what efforts were made to reclaim the lost funds?’ and ‘Should there be a large number of frauds which qualify for question 2, to the point where costs for the request are likely to over-run, I would like the details for the five largest in terms of losses, please, for each year.’

The progress logs attached to each case are many and to search each log and retrieve the information would exceed the appropriate limit of £450.

The appropriate limit has been specified in The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 and for non-central Government departments it is set at £450. This represents the estimated cost of one person spending 18 hours in determining whether the Authority holds the information, and locating, retrieving and extracting the information. Under section 12 of the Freedom of Information Act the Authority is not obliged to comply with your request.

Help us improve cfa.nhs.uk

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.


Thanks for the feedback!