MICHEL MARTIN, HOST:
Sorry to do this to you, but we need to talk robocalls. Could they be any more annoying?
AUTOMATED VOICE #1: New message - decided to suspend your social security number and file a lawsuit against you.
AUTOMATED VOICE #2: You're now eligible to qualify for a zero percent interest rate.
AUTOMATED VOICE #3: There are some legal enforcement actions filed on your Social Security number for fraudulent activities.
AUTOMATED VOICE #4: If you wish to opt out, press 2 now.
AUTOMATED VOICE #5: Message marked for deletion. There are no more messages.
MARTIN: Ignore them, you've still been interrupted. Answer them, thinking it's your spouse or child or student loan lender on the line, and there's somebody trying to entice you or intimidate you into giving them money or personal information. And now the problem is moving from infuriating to potentially dangerous as robocallers have started targeting hospitals and other health facilities and patients. So we're taking this to our regular segment, Troll Watch.
(SOUNDBITE OF MUSIC)
MARTIN: Joining me to talk about this is Dave Summitt. He is the chief information security officer at the Moffitt Cancer Center, which is one of the health care providers that has been targeted by robocallers. He's with us now from WUSF in Tampa, Fla.
Dave Summitt, thanks so much for joining us.
DAVE SUMMITT: Thank you for having me.
MARTIN: So when did you first realize that robocalls had moved from just being - not just, but irritating to a serious crisis that was affecting your facilities and your patients?
SUMMITT: About a year and a half ago, we noticed an uptick in phone calls coming into the organization made to appear like it's coming on behalf of Moffitt, to Moffitt. So therefore, people inside of our organization is going to obviously pick up the phone because they think it's someone from inside the organization. And then, when they do, it's not someone from inside the organization. It's someone from the outside trying to either grab additional information or just scam us.
MARTIN: You actually have testified to Congress about this. And you shared that in the past 90 days, Moffitt got over 6,600 external calls identified as a Moffitt internal phone number, and it took your employees 65 hours to respond to these, and that you said, over a 30-day period, there were more than 300 calls made to the center coming from Washington, D.C. And what do these people want? Like, what are they - they're trying to, what, induce people to give out other patients' personal information, or they're trying to trick patients into thinking that they're from Moffitt? What are they trying to do?
SUMMITT: So there's a wide variety in these calls that are being placed. The obvious part of most of these calls are to get a person to pick up the phone in the first place. So the purpose of the spoofing from the bad guy's perspective is, the more I can make it appear like it's a legitimate phone call, the more apt the person is going to pick up the phone and start answering questions. And in our case, we were having people calling local people outside of our facility in our local area and across the state imitating that they're coming from Moffitt and attempting to get additional health insurance information or personal information. And then they would potentially use that information against that person.
The other types of calls that were coming into our organization were a wide range. But the most damaging one would be the kind that is asking for physician information that they could potentially use in fraudulently taking our physician information and potentially making fraudulent Medicare claims.
MARTIN: Have you reached out to other healthcare providers about this? And what have they told you?
SUMMITT: So we have. Before my testimony, we did reach out to approximately 18-plus other health care organizations across the nation. And basically, 18 of them signed up with us to help bring this awareness to Congress. And our biggest concern in the health care industry is not only is it potentially disruptive to health care operations itself, but it's also possible that during these calls that there could be what's called a denial of service against our telecommunication systems. And what that would mean would be a complete shutdown of our communications. And that's one of our worst fears.
And, in fact, there was a hospital within the last 12 months that had over 65,000 calls launched against their facility, which did do a denial of service. And what we're afraid of is that's going to continue.
MARTIN: Do you have any insight into why this is happening?
SUMMITT: For the most part, it's an easy thing to do from a bad actor standpoint, and they're making money off of it. And that's really the bottom line.
MARTIN: Before we let you go, can you offer some advice for people who are dealing with this? I mean, if you think you've gotten a call from the Moffitt Cancer Center, then it just doesn't seem like a great idea to ignore it. Like, what do you suggest that people do?
SUMMITT: So what we're advising and what I advise even friends when they're asking me, what do I do about these calls, really, is to know who the caller is. There's no need to answer the call immediately. Even if it's an emergency situation, typically, the person who's trying to got ahold of you will call you right back. Robocallers don't do that. If you don't answer the call the first, they move on to the next. So if you get back-to-back phone calls from the same number, it's most likely someone really trying to get in touch with you.
And the second thing I really advise is that when you've answered the call, don't immediately say hello, and don't give a hello, this is and your name. That helps the other people on the other end to know even more about you. So the least amount of information you give over one of these calls the better. And the other option that you actually have is to let it go to voicemail. If it's legitimate, they're going to leave a voicemail.
What I don't really recommend, which is what a lot of people are doing, are putting those numbers in their block system. Keep in mind these are spammed, spoofed calls which, means that who's calling you is not who is showing up on the caller ID, and all you're doing now is blocking the caller ID number, which could potentially be someone that really needs to get in touch with you.
MARTIN: That is Dave Summitt, chief information security officer from Moffitt Cancer Center in Tampa, Fla. Moffitt provides cancer care to more than 60,000 patients each year. It's the third-busiest standalone cancer hospital in the United States. We reached him in Tampa, Fla.
Dave Summitt, thanks so much for talking with us, and thanks for that advice.
SUMMITT: Thank you for helping us raise this awareness.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.