Cyber Crime

How to Avoid Transcription Service Fraud

Businesses, medical providers, attorneys, and law enforcement agencies often rely on transcription service providers to convert audio and video files into written documents.

Unfortunately, some providers don’t protect client data properly.

Many files sent to transcription companies often contain sensitive information that hackers may acquire on the deep web and sell through the dark web. Personal medical records, criminal cases involving minors, legal cases that are about confidential information, and corporate financial data are a few examples.

This article provides valuable tips on how you can avoid transcription service fraud in regards to the security of your audio and video files that require a secure transcription service.

To gain insight into safeguarding files submitted to a transcription service, let’s explore several security features and their importance. We’ll also examine a transcription service fined by a U.S. Federal Agency, the FTC (Federal Trade Commission), for violating client security protocols.  

Reputable Transcription Companies Secure Client Data

The best place to start is by understanding essential transcription security protocols for transcribing any file. Reputable transcription services always provide multiple security features and make sure that every audio file transcribed remains secure from the time it’s uploaded to a website until the written format is delivered to the end user.

Unscrupulous hackers worldwide specialize in stealing sensitive information from both individuals to large companies and government agencies. 

Detecting fraudulent activity can be challenging, with even the most astute security specialists duped by cybercriminals. Almost weekly reports surface where a company, educational institution, or medical facility faces a ransom request from hackers. 

According to Security Magazine, 2,690 ransomware attacks were reported to authorities, an increase of almost 93% compared to the previous year. 

A recent ransomware attack targeted CommonSpirit Health, the second largest nonprofit healthcare system in the U.S. With 1,000 facilities that serve over 20 million patients, the attack delayed surgeries. The mother of one patient was informed by a physician that her son received five times the prescribed pain medicine dosage.

While details of the attacked aren’t known at the time of this writing, officials are trying to determine if electronic health records were exposed.

However, transcription companies can easily incorporate several security precautions to safeguard client data.

Protecting Client Data In the Transcription Industry

Most clients submit their audio and video files through a transcription service’s website. Before submitting files to any transcription service provider, you should complete a basic company search. Key features to look for include:

  1. Find out if they are a U.S.-based company, and if so, do they have a physical location where company executives are based?
  2. Does the company have a Dun & Bradstreet rating?
  3. Do they have an Employer Identification Number issued by the IRS?
  4. Can company executives provide client references for your particular industry?
  5. If the company transcribes medical or law enforcement files, are they HIPAA and CJIS-compliant?
  6. Do employees and contractors that transcribe projects undergo a criminal background check?
  7. Can you call their phone number and speak to someone directly who is based in the US?

Federal Trade Commission (FTC) Complaint Against GMR

In August 2014, the FTC filed a three-count complaint against transcription provider GMR Transcription Services, Inc. for “unfair and deceptive acts.” The agency document also named the company’s president and vice president.

One of the more severe allegations involved GMR assigning all of their medical-related transcriptions to another transcription company based in India.

While the company’s website proclaimed that it protected confidential and sensitive files, the FTC determined that GMR and its foreign-based affiliate companies did not adhere to numerous security protocols.

Addressing one of the three FTC counts, the complaint stated: 

“In truth and in fact, as described in Paragraphs 11-14, respondents did not implement reasonable and appropriate security measures to prevent unauthorized access to personal information in audio and transcript files. Therefore, the representation set forth in Paragraph 17 was false or misleading and constitutes a deceptive act or practice.”

In a unanimous, 5-0 decision, the FTC approved and issued a final order stating that for a 20-year period, GMR and its executives are prohibited from the following:

 “…misrepresenting the extent to which they maintain the privacy and security of consumers’ personal information.

 “… the agency alleged that GMR’s data security practices were inadequate and resulted in transcriptions of audio files provided by GMR’s customers being indexed by a major search engine and made publicly available to anyone using the search engine.

GMR also must establish a comprehensive information security program that will protect consumers’ sensitive personal information, including information the company provided to independent service providers. The company must have the program evaluated both initially and every two years by a certified third party.”

How to Protect Your Audio & Video Files

The first step is ensuring that high-level security protocols protect client data when uploaded to the transcription services website. 

Whether you use peer-to-peer (P2P), a cloud service, or file transfer protocol (FTP), incorporate a two-factor authentication process as an added layer of protection. Other precautions include:

  1. For companies in the United States, ensure the individual assigned to your transcription project is also U.S.-based. Additionally, ask if the employing service performs criminal background checks and what security protocols they must follow.
  2. Non-disclosure agreements (NDA) are standard in the business world. Reputable transcription companies have no issue signing well-prepared NDAs and will enforce action against violators if necessary.
  3. Reputable transcription company’ websites begin with HTTPS. Avoid any site that doesn’t use this kind of URL.
  4. Contacting transcription companies directly to ask about their security features is also a good idea. Depending on the file type and scope of work, they can advise you on specific steps to safely transfer audio or video files.
  5. Will the transcription company certify your transcripts and testify in court to its authenticity?

Government Agencies Require Strict Transcription Compliance

Transcription Companies working with medical clients must adhere to stringent guidelines outlined in the Health Insurance Portability and Accountability Act (HIPAA). As discussed above, the FTC complaint against GMR originated when the company contracted with a foreign transcription service, resulting in leaked data.

The Criminal Justice Information Services (CJIS) is the largest division of the Federal Bureau of Investigation (FBI). The division manages the bureau’s centralized criminal justice database and is accessed by federal, state, and local law enforcement agencies.

CJIS requires that any organization or company (including transcription services) working with law enforcement agencies that handle confidential data maintain and follow strict security policies to keep criminal records from getting into the wrong hands. 

Note: Companies using foreign or non-U.S.-based transcriptionists do not adhere to HIPAA and CJIS compliance standards.

Safeguarding Transcription Files

Cybersecurity can be complex. However, by following the basic tenets discussed above, unauthorized users will have difficulty gaining access to your sensitive information.

If you are a U.S.-based entity, always use a reputable U.S.-based company. Begin by researching transcription providers with a proven track record in your industry. A little research goes a long way in protecting your data.


BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request

Splunk is one of the most used SIEM (Security Incident and Event Management) tools worldwide.…

18 hours ago

Amazon Ring Employees Able to Access Every Single Camera Customer Video

California-based Ring LLC endangered its customers’ privacy by allowing any employee or contractor to see…

23 hours ago

Millions of PC Motherboard Were Sold With Backdoor Installed

Gigabyte systems have been identified by the Eclypsium platform for exhibiting suspicious backdoor-like behavior. This…

23 hours ago

Free Threat Hunting Platform Security Onion Released Updates – What’s New!

The third Beta version of Security Onion 2.4 is made available by Security Onion Solutions.…

2 days ago

Toyota Server Misconfiguration Leaks Owners Data for Over Seven Years

The Leak discloses Address, Vehicle Identification Number (VIN), Email address, Phone number, Name, and Vehicle…

2 days ago

Dark Pink APT Group Compromised 13 Organizations in 9 Countries

Dark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their…

3 days ago