On March 3, 2025, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued a report highlighting the risk of fraud in the Medicare and Medicaid payment systems through electronic funds transfer (EFT) schemes. The report was posted on March 6, 2025. Fraudsters have been targeting the Medicare and Medicaid programs by submitting fraudulent requests to divert payments meant for healthcare providers to fraudulent accounts.
From 2020 to 2022, fraudulent EFT authorization requests led to the diversion of approximately $26.5 million from the Medicare and Medicaid programs. The Medicare program alone processes over one billion claims annually, with 2023 expenditures exceeding $1 trillion. Given these high volumes and large financial stakes, EFT fraud poses a significant risk, particularly because EFT transactions are widely used within the healthcare sector. In 2023, fraudsters gained unauthorized access to email accounts, targeting the HHS grant Payment Management System and leading to millions of dollars in losses.
OIG conducted the review to identify vulnerabilities in the Medicare and Medicaid payment systems that could be exploited through EFT fraud schemes. The findings revealed that many Medicare and Medicaid payment processors (payors) have been targeted by these fraud schemes. In fact, two-thirds of surveyed payors reported being targeted, with some experiencing frequent or recurring incidents.
Most payors use verified communication channels or knowledge-based methods to confirm changes to EFT details, and several have adopted security measures in line with expert recommendations to combat fraud. While the Centers for Medicare & Medicaid Services (CMS) has taken steps to mitigate these threats, nearly three-fifths of surveyed payors expressed interest in implementing additional security measures. However, many faced challenges in putting these measures into practice.
OIG recommended the following actions to CMS to address the growing threat of EFT fraud: engaging Medicare Administrative Contractors to improve their security measures, sharing information with State Medicaid agencies to enhance security protocols, and supporting periodic information sharing to help mitigate the evolving threats of EFT fraud. CMS did not explicitly agree with the first two recommendations as originally drafted, but OIG modified these recommendations to clarify its intent. CMS did not concur with the third recommendation.
For more details, access the full report here.
Compliance Perspective
Issue
There is a significant risk of large financial losses associated with EFT fraud, given the widespread use of EFT transactions within the healthcare sector. Recently, fraudsters gained unauthorized access to email accounts and targeted the HHS grant Payment Management System, leading to millions of dollars in losses in 2023. Among surveyed Medicare Administrative Contractors, State Medicaid agencies, and Medicaid Managed Care Organizations (MCOs), 67 percent reported being targeted by EFT fraud schemes. Additionally, half of the targeted payors reported experiencing financial losses due to EFT fraud.
Discussion Points
- Review financial policies and procedures, ensuring they address both general financial controls and specific EFT fraud prevention. Establish clear protocols for financial transactions, including verification of payment information, access controls, and secure communication channels. Ensure that procedures for EFT transactions are specifically outlined and align with best practices for preventing fraud.
- Educate staff on general financial management practices, with a focus on EFT fraud prevention. Provide comprehensive training on financial best practices, including securing financial transactions, verifying payment information, and recognizing potential fraud schemes. Ensure staff are specifically trained on how to handle EFT requests and how to identify red flags associated with EFT fraud.
- Conduct regular audits to assess both overall financial controls and compliance with EFT fraud prevention measures. Periodically audit all financial transactions to ensure policies are being followed and that staff are effectively identifying and addressing any fraudulent activities. Focus on assessing the verification and approval processes for EFT transactions and ensure corrective actions are taken where weaknesses are identified.
*This news alert has been prepared by Med-Net Concepts, Inc. for informational purposes only and is not intended to provide legal advice.*