Report Materials
Why OIG Did This Review
- OIG identified a fraud scheme in which fraudsters diverted Federal and State payments intended for providers. Specifically, individuals purporting to be hospital providers have targeted the Medicare and Medicaid programs by submitting fraudulent electronic funds transfer authorization requests or other schemes to divert payments for providers to fraudsters.
- There is a potential for large losses associated with electronic funds transfer fraud, given how widely electronic funds transfer transactions are used within the health care industry. Recently, fraudsters who were able to gain unauthorized access to email accounts targeted the HHS grant Payment Management System, leading to millions of dollars in losses in 2023.
What OIG Found
- Two-thirds of surveyed entities that process payments for Medicare and Medicaid (i.e., payors) reported that they were aware of being targeted by electronic funds transfer fraud schemes, some of which were frequent or recurring.
- Medicare and Medicaid payors most frequently reported using verified communication channels or knowledge-based methods to confirm electronic funds transfer changes.
- Some Medicare and Medicaid payors described employing security measures that align with recommendations from expert groups.
- CMS took some steps to mitigate threats from electronic funds transfer fraud schemes in Medicare.
- Nearly three-fifths of surveyed Medicare and Medicaid payors expressed interest in implementing additional measures to mitigate electronic funds transfer fraud threats, but some reported challenges or barriers to implementation.
What OIG Recommends
OIG recommends that CMS:
- Engage Medicare Administrative Contractors on improving security measures.
- Share information with State Medicaid agencies to help improve security measures.
- Support periodic information sharing to mitigate evolving threats of electronic funds transfer fraud schemes.
CMS did not explicitly state its concurrence or nonconcurrence with the first two recommendations as initially drafted; OIG has altered these recommendations slightly to clarify OIG’s intent. CMS did not concur with the third recommendation.
View in Recommendation Tracker
Notice
This report may be subject to section 5274 of the National Defense Authorization Act Fiscal Year 2023, 117 Pub. L. 263.