Employee pleads guilty to false accounting charges in $1 million fraud at Canterbury District Health Board
An employee redirected payments from patients to their own bank account to fund a lavish lifestyle.
Case information
Six-year fraud used to support lavish lifestyle
An internal eligibility specialist at Christchurch Hospital defrauded it of $1 million over a six-year period. The employee was responsible for invoicing and collecting revenue for patients who were ineligible to receive free healthcare.
The employee manipulated the hospital’s processing system and redirected 475 payments from ineligible patients to accounts she controlled. She did this by:
- offering ineligible patients unauthorised discounts for using cash which she then took for herself
- creating fake invoices with her bank details on them
- entering incorrect patient information into the hospital’s system to make it appear as if the patient met the eligibility criteria.
In an attempt to avoid detection, she used a manual accounting system to remove the debt against patients’ accounts. The system did not record changes that had been made which made it appear as if the debt never existed.
The proceeds of the fraud were used to fund her lavish lifestyle and gambling addiction.
Fraud detected following patient query
The fraud was detected when a patient contacted the hospital to query an invoice for medical treatment that they had already paid several months earlier. Upon enquiry, the hospital identified that the bank account on the document provided to the patient was not the hospital’s account. Further enquiries identified additional emails from the employee to patients, requesting direct payment to non-hospital bank accounts.
With the support of a consultant, an internal audit was carried out. It found that the employee had been asking ineligible patients to make payments to accounts controlled by her. The matter was referred to the Serious Fraud Office for investigation
Prosecution outcome
The employee was prosecuted and subsequently sentenced to three years imprisonment.
Impact of the offending
- Financial loss of over $1 million to the hospital. This money could have covered the salary of 18 graduate nurses.
- Multiple hospital employees experienced considerable stress and anxiety.
- The misuse of private information regarding sensitive medical procedures was used to target vulnerable patients who had little knowledge and understanding of what they were required to pay for their medical treatment.
Organisation’s response
- The organisation engaged a consultant who identified weaknesses in the hospital’s internal controls and helped to develop a new control framework.
- The payment processes were reviewed and the organisation stopped accepting cash payments.
- Internal fraud awareness was communicated across the organisation. This included information about who to contact if fraud was suspected.
Fraudster personas
In this case, there were two main personas.
The exploiter
The employee identified and exploited vulnerabilities in the hospital’s accounting and payment systems.
The fabricator
The employee changed the bank account on official hospital documentation to redirect patients’ payments to an account she controlled.
Red flags
- Employees who do not take leave: the employee went to the office on days she wasn’t working or when she was on leave.
- Resistance in sharing roles and duties: she insisted she was the only one that should work with certain patients.
- Processes that are not followed: she contacted patients outside of work hours via social media platforms.
- Low oversight: she had sole control over the process with little oversight.
Effective countermeasures
- This case illustrates the need for access controls to protect data from manipulation. Automatic IT systems, such as audit logs, can prevent data from being manipulated, and parameters and limitation controls can prevent unauthorised people from changing documents.
- Other effective countermeasures include pressure testing existing controls and segregation of duties to ensure that more than one person is responsible for completing high fraud risk tasks.
Download the PDF
More information
- Understand the wider impacts of public sector fraud, beyond just financial
- Find out more about what the Counter Fraud Centre has to offer public sector organisations to build their counter fraud capability
- See how a robust and well-structured procurement process is the first line of defence against procurement fraud and corruption
- Find out how employees perceive your organisation’s fraud control activities