Security alerts for senior living & LTC: It’s not just seniors getting scammed
Senior scams flood social media and the news cycle, but senior living and LTC administrators need to be on the lookout for scams and security threats as well, including ‘advisors’ for the Employee Retention Credit (ERC) and cybersecurity threats.
Executive staff should be aware of ‘advisers’ helping them get the Employee Retention Credit (ERC). Accountants offered tips to businesses on ways to protect themselves from unscrupulous third-party advisors.
Employers that continued to pay workers while being shut down during the COVID-19 pandemic or that had significant declines in gross receipts between March 2020 and December 2021 are eligible for the credit.
Providers seeking the ERC must first have a good understanding of how the credit works before signing an engagement letter with an adviser, cautioned Troy Taylor, Managing Director of Forvis Wealth Advisors.
“Some third-party advisors are charging outrageous fees even if you don’t receive the credit,” Taylor warned. “So, even if you don’t submit the form, you still have to pay them the full amount.”
Taylor also cautioned providers to fully understand the terms of any agreement and whether the third-party adviser will provide help in the event of an audit.
He also recommended doing a simple internet search before signing a contract with an adviser, to ensure there aren’t any lawsuits pending against them, and have a trusted accountant review a contract before signing on the dotted line.
And as the threat of scams, including cyberattacks, across the healthcare sector grows, the U.S. Department of Health and Human Services (HHS) has developed a platform offering training and resources for community staff.
Nursing homes often are the target of cyberattacks, with cyber criminals targeting third-party vendors or facilities to get access to resident, patient, and employee data for use in fraud or identity theft schemes.
Global cyberattacks against the healthcare industry are up 74% from last year, according to Brian Schnese, Assistant Vice President and risk consultant at Hub International.
HHS’ new resource, Knowledge on Demand, provides free training for health organizations on social engineering, ransomware, loss of equipment or data, insider accidental or malicious data loss, and attacks against network connected medical devices.
Health Industry Cybersecurity Practices 2023, a manual by HHS for the healthcare industry updated for this year, covers ways to mitigate cyber threats and keep residents and patients safe, with new information on social engineering attacks, which try to get people to reveal information, such as passwords, that can then be used to attack a network.
“Cyberattacks are one of the biggest threats facing our healthcare system today, and the best defense is prevention,” HHS deputy secretary Andrea Palm said. All videos and training materials can be accessed here.