An audit found that staff at Savoy Medical Management wired more than $225,000 to a scammer posing as a vendor.
The audit, released by the Louisiana Legislative Auditor on Monday, states that a scammer hacked the email of one of the group's vendors. The hacker was able to alter the payment instructions in the monthly bill, and as a result $226,330 was wired to the scammer to pay the August 2023 bill.
When Savoy Medical Management, a unit of the Town of Mamou, realized the vendor hadn't received payment, that's when the fraud was discovered, the auditor wrote.
The issue was reported to the bank, local law enforcement, State Police, the FBI, the DA and the Legislative Auditor.
There were no procedures in place to confirm wire instructions were valid, and the wire fraud wasn't covered by insurance, the auditor noted. Savoy was able to recover $81,819 of the money - but $144,511 was gone, the auditor noted.
"The Organization should review their policies and procedures relative to modifications to payment instructions for wire payments. Procedures should be established to require confirmation of payment instructions other than by email correspondence," the auditor recommended.
Management responded that the procedure for modifying vendor information has been changed, to ensure changes are confirmed with the appropriate vendor representative.
Other than this finding, and a very common finding about inadequate segregation of accounting duties that most small organizations and governments have annually, the audit had no negative findings.
Here's the complete audit: