Rachel Cohrs December 04, 2019 06:00
AM
For most everyday
citizens, robocalls are an unwelcome annoyance. For hospitals, the stakes are
much higher.
Robocallers have
clogged hospital phone lines reserved for patients, wasted staff time, preyed
on unsuspecting patients by imitating hospital phone numbers, impersonated law
enforcement to threaten doctors and disturbed sick patients in their hospital
beds. Congress heard hospitals' complaints, and the U.S. House of Representatives
is set to vote Wednesday on first steps to protect medical centers from
robocalls.
Dave Summitt,
chief information security officer at the Moffitt Cancer Center & Research
Institute in Tampa, Fla., has led the charge for legislative relief. In a 90-day
period the center received 6,600 calls from scammers posing as Moffitt internal
phone numbers, he testified during a House Energy and Commerce Committee
hearing. The calls consumed 65 hours of employee response time. Moffitt was
also the target of robocallers posing as U.S. Justice Department employees who
claimed that they had to speak to doctors about urgent issues regarding their
medical licenses.
The calls have
calmed down somewhat since that hearing, but Summitt worries it could be the
calm before another storm.
"That's the
dangerous sign of this. I don't know why it's calmed down and why they have
backed off. They could be waiting for a time when it is off everyone's radar to
pick back up. If we don't move forward, I think it's going to return," he
said.
Congress
responded by including a provision specifically intended to protect hospitals
from robocalls in the Telephone Robocall Abuse Criminal Enforcement and
Deterrence, or Traced, Act. The provision protecting hospitals was not in the
version of the Traced Act the Senate passed in May, but it will likely make its
way to the president's desk because Senate leaders including Majority Whip John
Thune (R-S.D.), who co-sponsored the bill with House Energy and Commerce
Committee Chair Frank Pallone (D-N.J.), have preemptively agreed to the version
the House will consider.
"Illegal
robocalls perpetuate fraud, threaten personal privacy and undermine our
healthcare system. Specifically designed to shield the critical infrastructure
of our healthcare system, this bill helps combat unlawful robocalls made to
hospitals and helps hospitals protect themselves from malicious scammers,"
said House Energy and Commerce ranking Republican Greg Walden of Oregon,
another co-sponsor of the Traced Act.
USTelecom, the
major telecommunications lobbying association, AT&T, Verizon and Comcast
did not respond to requests for comment about their stances on the new version
of the legislation.
The Traced Act
would give the Federal Communications Commission more legal authority to combat
robocalls generally and create a working group of stakeholders that would
within a year of the bill's passage develop best practices for hospitals and
service providers. The FCC would then assess the extent to which the best
practices could be implemented voluntarily.
"The
Hospital Robocall Protection Group will help shield hospitals and patients from
these scammers, and I'm proud it's included in our bill," Pallone said.
Peter Rucys,
chief information security officer at Tampa General Hospital, said he is
skeptical of the voluntary application of best practices. Robocalls have
interrupted patient care at Tampa General because hospital staff in emergency
settings use wireless phones to communicate patient updates. Rucys said
lawmakers might feel a greater sense of urgency to address the problem if they
had personal experience with it.
"It would
take one of the lawmakers' loved ones to be in an institution overnight with
staff attending them getting plagued by robocalls that caused a missed
medication drop or a missed vital count," Rucys said.
Summitt told the
Energy and Commerce Committee that he had three items on his wish list for
legislation addressing robocalls: provisions for accurate caller
identification, some responsibility for telecom carriers and requirements for
carriers to work with businesses to shut down malicious activity.
The bill checks
some of the items but not others. It includes provisions to require accurate
caller identifications and gives some responsibility to telecom carriers to
implement anti-robocall technology. But Summitt pointed out that hospitals
would still have the burden of upgrading their telecom systems. The bill does
not require telecom carriers to work with hospitals to investigate malicious
robocalls.
However, Summitt
said the legislation could still do good by expanding the FCC's legal authority
to go after robocallers.
"The more
the FCC has to go on from a legislative standpoint, the more of a stick they
can wield," Summitt said.
Robocallers have
deployed a wide variety of tactics to leverage hospitals' credibility to
exploit people. Steve Stallard, chief privacy officer at Orlando Health, said
robocallers have imitated Orlando Health's phone number to call members of the
public and then hung up after one ring. Concerned citizens then called the
hospital en masse to ensure they were not missing calls about their healthcare.
If the incident were widespread enough, Stallard said it could impact patients'
access to care.
He voiced concern
that some robocall issues may persist even after congressional action.
"I have
faith this will help, but I'm not putting all my faith into it. The bad guys
always seem to find a way to leverage it. It's amazing that where there's a
will, there's a way," Stallard said.
Tampa General was
able to update its internal communications systems to mitigate robocalls, but
Rucys said he is powerless to block robocalls on wireless devices.
"It's like a
mosquito bite. Once one goes away, another one appears," Rucys said.
The update to a
more secure internal communications system cost Tampa General $7.5 million, and
Rucys said hospitals may not necessarily have the cash on hand to invest in
expensive security products.
Rucys warned that
hospitals need to be aware that the scourge of robocalls is only going to get
worse, and advised that hospitals should evaluate their strategies to combat
robocalls and ensure best practices are in place.
"What I
would relay is that if it hasn't happened in a massive amount yet, it
will," Rucys said.
No comments:
Post a Comment