Thursday, November 30, 2023

How to Avoid Transcription Service Fraud

Businesses, medical providers, attorneys, and law enforcement agencies often rely on transcription service providers to convert audio and video files into written documents.

Unfortunately, some providers don’t protect client data properly.

Many files sent to transcription companies often contain sensitive information that hackers may acquire on the deep web and sell through the dark web. Personal medical records, criminal cases involving minors, legal cases that are about confidential information, and corporate financial data are a few examples.

This article provides valuable tips on how you can avoid transcription service fraud in regards to the security of your audio and video files that require a secure transcription service.

To gain insight into safeguarding files submitted to a transcription service, let’s explore several security features and their importance. We’ll also examine a transcription service fined by a U.S. Federal Agency, the FTC (Federal Trade Commission), for violating client security protocols.  

Reputable Transcription Companies Secure Client Data

The best place to start is by understanding essential transcription security protocols for transcribing any file. Reputable transcription services always provide multiple security features and make sure that every audio file transcribed remains secure from the time it’s uploaded to a website until the written format is delivered to the end user.

Unscrupulous hackers worldwide specialize in stealing sensitive information from both individuals to large companies and government agencies. 

Detecting fraudulent activity can be challenging, with even the most astute security specialists duped by cybercriminals. Almost weekly reports surface where a company, educational institution, or medical facility faces a ransom request from hackers. 

According to Security Magazine, 2,690 ransomware attacks were reported to authorities, an increase of almost 93% compared to the previous year. 

A recent ransomware attack targeted CommonSpirit Health, the second largest nonprofit healthcare system in the U.S. With 1,000 facilities that serve over 20 million patients, the attack delayed surgeries. The mother of one patient was informed by a physician that her son received five times the prescribed pain medicine dosage.

While details of the attacked aren’t known at the time of this writing, officials are trying to determine if electronic health records were exposed.

However, transcription companies can easily incorporate several security precautions to safeguard client data.

Protecting Client Data In the Transcription Industry

Most clients submit their audio and video files through a transcription service’s website. Before submitting files to any transcription service provider, you should complete a basic company search. Key features to look for include:

  1. Find out if they are a U.S.-based company, and if so, do they have a physical location where company executives are based?
  2. Does the company have a Dun & Bradstreet rating?
  3. Do they have an Employer Identification Number issued by the IRS?
  4. Can company executives provide client references for your particular industry?
  5. If the company transcribes medical or law enforcement files, are they HIPAA and CJIS-compliant?
  6. Do employees and contractors that transcribe projects undergo a criminal background check?
  7. Can you call their phone number and speak to someone directly who is based in the US?

Federal Trade Commission (FTC) Complaint Against GMR

In August 2014, the FTC filed a three-count complaint against transcription provider GMR Transcription Services, Inc. for “unfair and deceptive acts.” The agency document also named the company’s president and vice president.

One of the more severe allegations involved GMR assigning all of their medical-related transcriptions to another transcription company based in India.

While the company’s website proclaimed that it protected confidential and sensitive files, the FTC determined that GMR and its foreign-based affiliate companies did not adhere to numerous security protocols.

Addressing one of the three FTC counts, the complaint stated: 

“In truth and in fact, as described in Paragraphs 11-14, respondents did not implement reasonable and appropriate security measures to prevent unauthorized access to personal information in audio and transcript files. Therefore, the representation set forth in Paragraph 17 was false or misleading and constitutes a deceptive act or practice.”

In a unanimous, 5-0 decision, the FTC approved and issued a final order stating that for a 20-year period, GMR and its executives are prohibited from the following:

 “…misrepresenting the extent to which they maintain the privacy and security of consumers’ personal information.

 “… the agency alleged that GMR’s data security practices were inadequate and resulted in transcriptions of audio files provided by GMR’s customers being indexed by a major search engine and made publicly available to anyone using the search engine.

GMR also must establish a comprehensive information security program that will protect consumers’ sensitive personal information, including information the company provided to independent service providers. The company must have the program evaluated both initially and every two years by a certified third party.”

How to Protect Your Audio & Video Files

The first step is ensuring that high-level security protocols protect client data when uploaded to the transcription services website. 

Whether you use peer-to-peer (P2P), a cloud service, or file transfer protocol (FTP), incorporate a two-factor authentication process as an added layer of protection. Other precautions include:

  1. For companies in the United States, ensure the individual assigned to your transcription project is also U.S.-based. Additionally, ask if the employing service performs criminal background checks and what security protocols they must follow.
  2. Non-disclosure agreements (NDA) are standard in the business world. Reputable transcription companies have no issue signing well-prepared NDAs and will enforce action against violators if necessary. 
  3. Reputable transcription company’ websites begin with HTTPS. Avoid any site that doesn’t use this kind of URL.
  4. Contacting transcription companies directly to ask about their security features is also a good idea. Depending on the file type and scope of work, they can advise you on specific steps to safely transfer audio or video files.
  5. Will the transcription company certify your transcripts and testify in court to its authenticity?

Government Agencies Require Strict Transcription Compliance

Transcription Companies working with medical clients must adhere to stringent guidelines outlined in the Health Insurance Portability and Accountability Act (HIPAA). As discussed above, the FTC complaint against GMR originated when the company contracted with a foreign transcription service, resulting in leaked data.

The Criminal Justice Information Services (CJIS) is the largest division of the Federal Bureau of Investigation (FBI). The division manages the bureau’s centralized criminal justice database and is accessed by federal, state, and local law enforcement agencies.

CJIS requires that any organization or company (including transcription services) working with law enforcement agencies that handle confidential data maintain and follow strict security policies to keep criminal records from getting into the wrong hands. 

Note: Companies using foreign or non-U.S.-based transcriptionists do not adhere to HIPAA and CJIS compliance standards.

Safeguarding Transcription Files

Cybersecurity can be complex. However, by following the basic tenets discussed above, unauthorized users will have difficulty gaining access to your sensitive information.

If you are a U.S.-based entity, always use a reputable U.S.-based company. Begin by researching transcription providers with a proven track record in your industry. A little research goes a long way in protecting your data.


Latest articles

Chrome Zero-Day Vulnerability That Exploited In The Wild

Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this...

Iranian Mobile Banking Malware Steal Login Credentials & Steal OTP Codes

An Android malware campaign was previously discovered that distributed banking trojans targeting four major...

BLUFFS: Six New Attacks that Break Secrecy of Bluetooth Sessions

Six novel Bluetooth attack methods have been discovered, which were named BLUFFS (Bluetooth Forward...

Google Workspace’s Design Flaw Allows Attacker Unauthorized Access

Recent years saw a surge in cloud tech adoption, highlighting the efficiency through tools...

Serial ‘SIM Swapper’ Sentenced to Eight Years in Prison

In a digital age marred by deceit, 25-year-old Amir Hossein Golshan stands as a...

Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable to Takeover – Hunters

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 - A severe design flaw...

Hackers Behind High-Profile Ransomware Attacks on 71 Countries Arrested

Hackers launched ransomware attacks to extort money from the following two entities by encrypting...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles