Wednesday, May 29, 2024

How to Avoid Transcription Service Fraud

Businesses, medical providers, attorneys, and law enforcement agencies often rely on transcription service providers to convert audio and video files into written documents.

Unfortunately, some providers don’t protect client data properly.

Files sent to transcription companies often contain sensitive information that hackers may acquire on the deep web and sell through the dark web. Personal medical records, criminal cases involving minors, legal cases that involve confidential information, and corporate financial data are a few examples.

This article provides tips on how to avoid transcription service fraud and keep your audio and video files secure when they require a secure transcription service.

To gain insight into safeguarding files submitted to a transcription service, let’s explore several security features and their importance. We’ll also examine a transcription service fined by a U.S. Federal Agency, the FTC (Federal Trade Commission), for violating client security protocols.  

Reputable Transcription Companies Secure Client Data

The best place to start is by understanding essential transcription security protocols for transcribing any file. Reputable transcription services always provide multiple security features and make sure that every audio file transcribed remains secure from the time it’s uploaded to a website until the written format is delivered to the end user.

Unscrupulous hackers worldwide specialize in stealing sensitive information from individuals, large companies, and government agencies.

Detecting fraudulent activity can be challenging, with even the most astute security specialists duped by cybercriminals. Almost weekly, reports surface of a company, educational institution, or medical facility facing a ransom request from hackers.

According to Security Magazine, 2,690 ransomware attacks were reported to authorities, an increase of almost 93% compared to the previous year. 

A recent ransomware attack targeted CommonSpirit Health, the second largest nonprofit healthcare system in the U.S., which has 1,000 facilities that serve over 20 million patients. The attack delayed surgeries. The mother of one patient was informed by a physician that her son received five times the prescribed pain medicine dosage.

While details of the attack aren’t known at the time of this writing, officials are trying to determine if electronic health records were exposed.

However, transcription companies can easily incorporate several security precautions to safeguard client data.

Protecting Client Data In the Transcription Industry

Most clients submit their audio and video files through a transcription service’s website. Before submitting files to any transcription service provider, you should complete a basic company search. Key features to look for include:

  1. Find out if they are a U.S.-based company, and if so, do they have a physical location where company executives are based?
  2. Does the company have a Dun & Bradstreet rating?
  3. Do they have an Employer Identification Number issued by the IRS?
  4. Can company executives provide client references for your particular industry?
  5. If the company transcribes medical or law enforcement files, are they HIPAA and CJIS-compliant?
  6. Do employees and contractors that transcribe projects undergo a criminal background check?
  7. Can you call their phone number and speak to someone directly who is based in the US?

Federal Trade Commission (FTC) Complaint Against GMR

In August 2014, the FTC filed a three-count complaint against transcription provider GMR Transcription Services, Inc. for “unfair and deceptive acts.” The agency document also named the company’s president and vice president.

One of the more severe allegations involved GMR assigning all of their medical-related transcriptions to another transcription company based in India.

While the company’s website proclaimed that it protected confidential and sensitive files, the FTC determined that GMR and its foreign-based affiliate companies did not adhere to numerous security protocols.

Addressing one of the three FTC counts, the complaint stated: 

“In truth and in fact, as described in Paragraphs 11-14, respondents did not implement reasonable and appropriate security measures to prevent unauthorized access to personal information in audio and transcript files. Therefore, the representation set forth in Paragraph 17 was false or misleading and constitutes a deceptive act or practice.”

In a unanimous, 5-0 decision, the FTC approved and issued a final order stating that for a 20-year period, GMR and its executives are prohibited from the following:

 “…misrepresenting the extent to which they maintain the privacy and security of consumers’ personal information.

 “… the agency alleged that GMR’s data security practices were inadequate and resulted in transcriptions of audio files provided by GMR’s customers being indexed by a major search engine and made publicly available to anyone using the search engine.

GMR also must establish a comprehensive information security program that will protect consumers’ sensitive personal information, including information the company provided to independent service providers. The company must have the program evaluated both initially and every two years by a certified third party.”

How to Protect Your Audio & Video Files

The first step is ensuring that high-level security protocols protect client data when it is uploaded to the transcription service’s website.

Whether you use peer-to-peer (P2P), a cloud service, or file transfer protocol (FTP), incorporate a two-factor authentication process as an added layer of protection. Other precautions include:

  1. For companies in the United States, ensure the individual assigned to your transcription project is also U.S.-based. Additionally, ask if the employing service performs criminal background checks and what security protocols they must follow.
  2. Non-disclosure agreements (NDA) are standard in the business world. Reputable transcription companies have no issue signing well-prepared NDAs and will take action against violators if necessary.
  3. Reputable transcription companies’ websites begin with HTTPS. Avoid any site that doesn’t use this kind of URL.
  4. Contacting transcription companies directly to ask about their security features is also a good idea. Depending on the file type and scope of work, they can advise you on specific steps to safely transfer audio or video files.
  5. Will the transcription company certify your transcripts and testify in court to its authenticity?

Government Agencies Require Strict Transcription Compliance

Transcription companies working with medical clients must adhere to stringent guidelines outlined in the Health Insurance Portability and Accountability Act (HIPAA). As discussed above, the FTC complaint against GMR originated when the company contracted with a foreign transcription service, resulting in leaked data.

The Criminal Justice Information Services (CJIS) is the largest division of the Federal Bureau of Investigation (FBI). The division manages the bureau’s centralized criminal justice database, which is accessed by federal, state, and local law enforcement agencies.

CJIS requires that any organization or company (including transcription services) working with law enforcement agencies that handle confidential data maintain and follow strict security policies to keep criminal records from getting into the wrong hands. 

Note: Companies using foreign or non-U.S.-based transcriptionists do not adhere to HIPAA and CJIS compliance standards.

Safeguarding Transcription Files

Cybersecurity can be complex. However, if you follow the basic tenets discussed above, unauthorized users will have difficulty gaining access to your sensitive information.

If you are a U.S.-based entity, always use a reputable U.S.-based company. Begin by researching transcription providers with a proven track record in your industry. A little research goes a long way in protecting your data.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
