Fraud Rx for oxy as an Escript


musinglaiying

This is new and scary, lately fraud rx's are getting better and now it's being sent in as an escript. Will there be/what are the serious repercussions if you accidentally fill a fraud oxycodone unintentionally? This is Texas for reference. Caught some incidences of it happening and was curious to know.

 
I know when we got inspected, the board said it is possible now.
 
How?? I thought all control prescriptions have to go through a secure server??? If it is a secure server how can a fake prescription go through???
 
How?? I thought all control prescriptions have to go through a secure server??? If it is a secure server how can a fake prescription go through???
"Secure servers" from Equifax, major retailers, to the Pentagon are continuously being hacked, so what would make you think that Rx systems will not be hacked? The future is here, and it is looking grim.
 
Yeah, I figured it was only a matter of time. Socially engineer an email password. Get a physician's password. Boom.
 
Yes, thought it was secure too, but MD said her credentials were breached. Anyone in a similar situation before?
 
Yeah, I figured it was only a matter of time. Socially engineer an email password. Get a physician's password. Boom.
Don't those require two separate validations with one being a password and the second being physical? As in biometric/RSA token?
 
IMO, Not much we can do about fake erxs as pharmacists.
I mean, I imagine they come over looking identical to an authentic erx, right?
 
Don't those require two separate validations with one being a password and the second being physical? As in biometric/RSA token?
This is correct on prescriber side; I have to enter a code from the app each time I rx a controlled substance
 
Call to verify?
We’d be on the phone all day then if we had to call on each and every controlled script (unless there was a clear/valid reason to) 😭
 
We’d be on the phone all day then if we had to call on each and every controlled script (unless there was a clear/valid reason to) 😭
That's what I mean if it looks suspicious.
 
Yeah, I figured it was only a matter of time. Socially engineer an email password. Get a physician's password. Boom.
I have to also enter a new password and a token pin that lasts 60 seconds in order to prescribe a controlled sub on my emr
 
For you guys in chain retail: are you pressured to fill those scripts? Can't you just tell them you don't have the meds?
 
Yeah, I figured it was only a matter of time. Socially engineer an email password. Get a physician's password. Boom.
We've got like, 3 layer security everywhere I work, often tied to an off-device key (phone, flash drive, or physical card). The ability to get around these systems would require more than just passwords, it would be quite sophisticated and require faking multiple levels of authentication.
 
I honestly doubt there can be a fake e-script. Only thing I can think of is someone working from doctor’s office who knows passwords, sending it without doctor’s knowledge.
 
I honestly doubt there can be a fake e-script. Only thing I can think of is someone working from doctor’s office who knows passwords, sending it without doctor’s knowledge.
Wouldn't surprise me if some docs delegate sending prescriptions to their staff
 
We've got like, 3 layer security everywhere I work, often tied to an off-device key (phone, flash drive, or physical card). The ability to get around these systems would require more than just passwords, it would be quite sophisticated and require faking multiple levels of authentication.
And all still considerably more likely than cracking 256-bit encryption.
 
My retail store had these fake electronic prescriptions last year. I think it was under two doctors' credentials. It was a bit obvious to catch though, because one was from an out-of-state hospital doctor and the other was for our classic zpak-promethazine with codeine combo.

But yeah, it is quite scary that these can actually happen.
 
I honestly doubt there can be a fake e-script. Only thing I can think of is someone working from doctor’s office who knows passwords, sending it without doctor’s knowledge.
My staff doesn't have access to my phone or passwords. The second password and the token pin are unavailable to her as well. The token pin is a 60 second one on my phone only.
 
My retail store had these fake electronic prescriptions last year. I think it was under two doctors' credentials. It was a bit obvious to catch though, because one was from an out-of-state hospital doctor and the other was for our classic zpak-promethazine with codeine combo.

But yeah, it is quite scary that these can actually happen.
Not sure if security has been ramped up since then as it takes a lot for me to prescribe a controlled sub.
 
I honestly doubt there can be a fake e-script. Only thing I can think of is someone working from doctor’s office who knows passwords, sending it without doctor’s knowledge.

Anything can be hacked.
 
I have yet to hear about fake electronic scripts in practice. It would have made huge news if it occurred even once.
 
I honestly doubt there can be a fake e-script. Only thing I can think of is someone working from doctor’s office who knows passwords, sending it without doctor’s knowledge.
I've seen em up close and personal.

A young female doctor in Manhattan's DEA was being used but the name displayed was some geezer MD that is out of practice.

Apparently they were sending Rx all over the country.
 
I've seen em up close and personal.

A young female doctor in Manhattan's DEA was being used but the name displayed was some geezer MD that is out of practice.

Apparently they were sending Rx all over the country.
I received an obviously fake Oxy30 from a GI Doc out of NYC. All contact/location info on it was to a northern NJ "office" that didn't exist.

It's weird when you report it because there's a good chance it's someone in the office using their token/password/2FA and you might just be reporting the fraud to the fraudster themselves.
 
I have yet to hear about fake electronic scripts in practice. It would have made huge news if it occurred even once.
It’s most definitely happening. And no please we don’t want it to become huge news as that only invites more.

As others mentioned here.. those social engineering their way to achieve this are then sloppy with knowing of what practice and location is related to their assumed credential… but a sophisticated one could get away with quite some damage in quite a short period of time.
 
It’s most definitely happening. And no please we don’t want it to become huge news as that only invites more.

As others mentioned here.. those social engineering their way to achieve this are then sloppy with knowing of what practice and location is related to their assumed credential… but a sophisticated one could get away with quite some damage in quite a short period of time.
I am able to run a report to see what my controlled sub prescriptions are. It's required in my state. That way I know if someone who shouldn't be getting a sub is.
 
I received an obviously fake Oxy30 from a GI Doc out of NYC. All contact/location info on it was to a northern NJ "office" that didn't exist.

It's weird when you report it because there's a good chance it's someone in the office using their token/password/2FA and you might just be reporting the fraud to the fraudster themselves.
That's who mine was from! Very very nice lady. I was doing clinical **** that day but I still called to talk to her.
 
I am able to run a report to see what my controlled sub prescriptions are. It's required in my state. That way I know if someone who shouldn't be getting a sub is.
And how often do you run it
 
I have yet to hear about fake electronic scripts in practice. It would have made huge news if it occurred even once.

Doesn't have to be fake. There could be a corrupt provider. We all know there are tons of pill mills.
 
Anything can be hacked.
Yes
I received an obviously fake Oxy30 from a GI Doc out of NYC. All contact/location info on it was to a northern NJ "office" that didn't exist.

It's weird when you report it because there's a good chance it's someone in the office using their token/password/2FA and you might just be reporting the fraud to the fraudster themselves.
But how? I approve a push notification on my employer phone. It's protected with my fingerprint. Only I have access to the phone. I get 25 seconds to approve the push notification. The phone has additional layers of encryption beyond my fingerprint.

I could only see this happening with staff who have a provider's password AND possession of the provider's physical token. But each transmission would be recorded in the EMR, show on the patient's MAR and show on the PMP report.

I could see this happening much more easily with schedule 3-5 on the telephone. All you need is a DEA# which is on most providers' scripts and someone who knows how to Google med instructions..seems to me this would be much more problematic.

Maybe we will end up having to tie a fingerprint or retina scan linked to each individual ecps transmission in addition to a token. That wouldn't be too difficult to implement in my opinion.
 
Ya… a lot of damage can be done in a month…
Pharmacists are good at picking this up. I'm a shrink so there's only a narrow range of meds that would be controlled I prescribe.

Altho one time a patient showed up on my pmp that the pharmacist had let thru. They hadn't asked for an id for the patient. And it was a fake written one.
 
Pharmacists are good at picking this up. I'm a shrink so there's only a narrow range of meds that would be controlled I prescribe.

Altho one time a patient showed up on my pmp that the pharmacist had let thru. They hadn't asked for an id for the patient. And it was a fake written one.

That’s great we are good at it… mind paying us for being good at that? No one's paying us to detect the fake ones…
 
Yes

But how? I approve a push notification on my employer phone. It's protected with my fingerprint. Only I have access to the phone. I get 25 seconds to approve the push notification. The phone has additional layers of encryption beyond my fingerprint.

I could only see this happening with staff who have a provider's password AND possession of the provider's physical token. But each transmission would be recorded in the EMR, show on the patient's MAR and show on the PMP report.

I could see this happening much more easily with schedule 3-5 on the telephone. All you need is a DEA# which is on most providers' scripts and someone who knows how to Google med instructions..seems to me this would be much more problematic.

Maybe we will end up having to tie a fingerprint or retina scan linked to each individual ecps transmission in addition to a token. That wouldn't be too difficult to implement in my opinion.
No clue. But it was clearly fake. Oxy30 #90 for a completely opioid naive patient that lived 20 miles from the prescriber, sent to a pharmacy 90 miles from the office and 70 from the patient.

Three days later a "family member" shows up to the pharmacy with a surgical mask on and their hood up over their head while indoors on a normal temperature day to try to pick it up.

It was so comically fake.
 
No clue. But it was clearly fake. Oxy30 #90 for a completely opioid naive patient that lived 20 miles from the prescriber, sent to a pharmacy 90 miles from the office and 70 from the patient.

Three days later a "family member" shows up to the pharmacy with a surgical mask on and their hood up over their head while indoors on a normal temperature day to try to pick it up.

It was so comically fake.
How do we know prescribers aren't being paid to write these drugs?
 
That’s great we are good at it… mind paying us for being good at that? No one's paying us to detect the fake ones…
Right but they should have checked the driver's license so we could prosecute. That's part of controlled sub regulations.

And no one pays us to do pa, but we do them for the patient.
 
Right but they should have checked the driver's license so we could prosecute. That's part of controlled sub regulations.

And no one pays us to do pa, but we do them for the patient.
Sure you get paid. You got paid for the last visit and you'll get paid for the next visit. You can be unhappy with the level of remuneration, but you are getting paid. When a pharmacist turns away a phony prescription, they're losing that sale and likely future business from the fraudster.
 
Sure you get paid. You got paid for the last visit and you'll get paid for the next visit. You can be unhappy with the level of remuneration, but you are getting paid. When a pharmacist turns away a phony prescription, they're losing that sale and likely future business from the fraudster.
It takes time. That time is not reimbursed. That costs us money.
 
Sure you get paid. You got paid for the last visit and you'll get paid for the next visit. You can be unhappy with the level of remuneration, but you are getting paid. When a pharmacist turns away a phony prescription, they're losing that sale and likely future business from the fraudster.
So then y'all should just give the fraudsters the illegal script? Like the pharmacist I had who did that?
 
I think it’s important to differentiate between fake Rxs and Rxs that are inappropriately prescribed.

We obviously see a lot of quack doctors prescribe stupid amounts of controls, but these aren’t necessarily fake (as in an unknown individual getting access to erx system).
 
So then y'all should just give the fraudsters the illegal script? Like the pharmacist I had who did that?
You could've stopped it if you checked the records a few times a day. Also, they never would've gotten the illegal script if you hadn't gotten hacked
 