How to Avoid Transcription Service Fraud

Businesses, medical providers, attorneys, and law enforcement agencies often rely on transcription service providers to convert audio and video files into written documents.

Unfortunately, some providers don’t protect client data properly.

Many files sent to transcription companies often contain sensitive information that hackers may acquire on the deep web and sell through the dark web. Personal medical records, criminal cases involving minors, legal cases that are about confidential information, and corporate financial data are a few examples.

This article provides valuable tips on how you can avoid transcription service fraud in regards to the security of your audio and video files that require a secure transcription service.

To gain insight into safeguarding files submitted to a transcription service, let’s explore several security features and their importance. We’ll also examine a transcription service fined by a U.S. Federal Agency, the FTC (Federal Trade Commission), for violating client security protocols.  

Reputable Transcription Companies Secure Client Data

The best place to start is by understanding essential transcription security protocols for transcribing any file. Reputable transcription services always provide multiple security features and make sure that every audio file transcribed remains secure from the time it’s uploaded to a website until the written format is delivered to the end user.

Unscrupulous hackers worldwide specialize in stealing sensitive information from both individuals to large companies and government agencies. 

Detecting fraudulent activity can be challenging, with even the most astute security specialists duped by cybercriminals. Almost weekly reports surface where a company, educational institution, or medical facility faces a ransom request from hackers. 

According to Security Magazine, 2,690 ransomware attacks were reported to authorities, an increase of almost 93% compared to the previous year. 

A recent ransomware attack targeted CommonSpirit Health, the second largest nonprofit healthcare system in the U.S. With 1,000 facilities that serve over 20 million patients, the attack delayed surgeries. The mother of one patient was informed by a physician that her son received five times the prescribed pain medicine dosage.

While details of the attacked aren’t known at the time of this writing, officials are trying to determine if electronic health records were exposed.

However, transcription companies can easily incorporate several security precautions to safeguard client data.

Protecting Client Data In the Transcription Industry

Most clients submit their audio and video files through a transcription service’s website. Before submitting files to any transcription service provider, you should complete a basic company search. Key features to look for include:

  1. Find out if they are a U.S.-based company, and if so, do they have a physical location where company executives are based?
  2. Does the company have a Dun & Bradstreet rating?
  3. Do they have an Employer Identification Number issued by the IRS?
  4. Can company executives provide client references for your particular industry?
  5. If the company transcribes medical or law enforcement files, are they HIPAA and CJIS-compliant?
  6. Do employees and contractors that transcribe projects undergo a criminal background check?
  7. Can you call their phone number and speak to someone directly who is based in the US?

Federal Trade Commission (FTC) Complaint Against GMR

In August 2014, the FTC filed a three-count complaint against transcription provider GMR Transcription Services, Inc. for “unfair and deceptive acts.” The agency document also named the company’s president and vice president.

One of the more severe allegations involved GMR assigning all of their medical-related transcriptions to another transcription company based in India.

While the company’s website proclaimed that it protected confidential and sensitive files, the FTC determined that GMR and its foreign-based affiliate companies did not adhere to numerous security protocols.

Addressing one of the three FTC counts, the complaint stated: 

“In truth and in fact, as described in Paragraphs 11-14, respondents did not implement reasonable and appropriate security measures to prevent unauthorized access to personal information in audio and transcript files. Therefore, the representation set forth in Paragraph 17 was false or misleading and constitutes a deceptive act or practice.”

In a unanimous, 5-0 decision, the FTC approved and issued a final order stating that for a 20-year period, GMR and its executives are prohibited from the following:

 “…misrepresenting the extent to which they maintain the privacy and security of consumers’ personal information.

 “… the agency alleged that GMR’s data security practices were inadequate and resulted in transcriptions of audio files provided by GMR’s customers being indexed by a major search engine and made publicly available to anyone using the search engine.

GMR also must establish a comprehensive information security program that will protect consumers’ sensitive personal information, including information the company provided to independent service providers. The company must have the program evaluated both initially and every two years by a certified third party.”

How to Protect Your Audio & Video Files

The first step is ensuring that high-level security protocols protect client data when uploaded to the transcription services website. 

Whether you use peer-to-peer (P2P), a cloud service, or file transfer protocol (FTP), incorporate a two-factor authentication process as an added layer of protection. Other precautions include:

  1. For companies in the United States, ensure the individual assigned to your transcription project is also U.S.-based. Additionally, ask if the employing service performs criminal background checks and what security protocols they must follow.
  2. Non-disclosure agreements (NDA) are standard in the business world. Reputable transcription companies have no issue signing well-prepared NDAs and will enforce action against violators if necessary.
  3. Reputable transcription company’ websites begin with HTTPS. Avoid any site that doesn’t use this kind of URL.
  4. Contacting transcription companies directly to ask about their security features is also a good idea. Depending on the file type and scope of work, they can advise you on specific steps to safely transfer audio or video files.
  5. Will the transcription company certify your transcripts and testify in court to its authenticity?

Government Agencies Require Strict Transcription Compliance

Transcription Companies working with medical clients must adhere to stringent guidelines outlined in the Health Insurance Portability and Accountability Act (HIPAA). As discussed above, the FTC complaint against GMR originated when the company contracted with a foreign transcription service, resulting in leaked data.

The Criminal Justice Information Services (CJIS) is the largest division of the Federal Bureau of Investigation (FBI). The division manages the bureau’s centralized criminal justice database and is accessed by federal, state, and local law enforcement agencies.

CJIS requires that any organization or company (including transcription services) working with law enforcement agencies that handle confidential data maintain and follow strict security policies to keep criminal records from getting into the wrong hands. 

Note: Companies using foreign or non-U.S.-based transcriptionists do not adhere to HIPAA and CJIS compliance standards.

Safeguarding Transcription Files

Cybersecurity can be complex. However, by following the basic tenets discussed above, unauthorized users will have difficulty gaining access to your sensitive information.

If you are a U.S.-based entity, always use a reputable U.S.-based company. Begin by researching transcription providers with a proven track record in your industry. A little research goes a long way in protecting your data.

Tags: fraud alert
Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for their suspected involvement in malware-enabled scams…

19 hours ago

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by conducting the federal government's inaugural tabletop…

21 hours ago

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked to terrorist operations. The joint operation,…

23 hours ago

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data. ARM's Memory Tagging Extension (MTE) aims…

24 hours ago

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage campaign named Operation Celestial Force, targeting…

2 days ago

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems in Germany. The announcement was made…

2 days ago