Did you know that the FBI is the lead federal agency responsible for investigating cyberattacks? Their role includes collecting and sharing intelligence, engaging with victims of cybercrime, working to identify malicious and fraudulent cyber activities, and prosecuting those who commit them. The FBI also publishes alerts about ransomware attacks, and other types of cybercrime that may be ramping up, in order to help businesses harden their security defenses.
Although they investigate all kinds of different cybercrimes, the FBI may be most heavily engaged in the detection and investigation of fraud in the healthcare industry. One of the reasons for this focus is the enormous cost of healthcare cybercrime and cyber fraud.
Healthcare Cybercrime Sets Record in 2021
In 2021, a total of 712 healthcare data breaches were reported to the HHS Office for Civil Rights between January 1 and December 31, 2021. That number set a new record for healthcare data breaches, exceeding last year's total more than 10% (70 more breaches).
Hacking and other cyber incidents dominated the 2021 breach reports, far exceeding all other reported causes combined (i.e., unauthorized access/disclosure, loss, theft, and improper disposal). Hackers are able to be successful, in part, because many healthcare providers still have not implemented security programs that comply with HIPAA requirements, or even meet best practices standards.
In addition to hacking and other cybercrime, the healthcare industry is also plagued by fraud. According to the FBI, healthcare fraud in the U.S. costs tens of billions of dollars each year. It results in higher health insurance premiums and higher taxes, and exposes individuals to unnecessary medical procedures, among other damages.
Healthcare fraud is committed by healthcare providers, by patients, and by bad actors who intentionally abuse the healthcare system to obtain illegal payments or other unlawful benefits. Much of the action is on the Internet as criminals conduct marketing scams, submit bogus billing for services and equipment, and solicit cohorts in crime to participate in their schemes. In many cases, the FBI must follow both paper trails and digital trails.
Medical Fraud Committed by Healthcare Providers
According to the FBI, healthcare providers commit several different types of fraud related to medical billing. Since the majority of healthcare providers bill both private healthcare insurance companies as well as federal programs like Medicare, these healthcare insurers become their victims.Following are some of the crimes committed by physicians, dentists, therapists, and other types of healthcare providers:
- Submitting multiple claims for the same service (known as double billing).
- Billing for a service visit, supplies, or equipment the patient never received (phantom billing).
- Submitting multiple bills for the same service (unbundling).
- Billing for a more expensive service than the patient actually received (upcoding).
Other Types of Medical Fraud
But healthcare providers aren’t the only perpetrators. Medical fraud is also committed by individual patients, groups of patients, and other bad actors. Their victims vary from individuals to insurers to physicians, depending on the type of fraud. Examples of these crimes include:
- Using bogus marketing ploys to convince individuals to disclose their health insurance identification number and other personal information, with the intent to bill for non-rendered services, steal their identity, or enroll them in a fake benefit plan.
- Committing identity theft in order to use another person’s health insurance, or swapping identities to allow a friend or other individual to use their insurance.
- Impersonating a physician, therapist, or other healthcare professional by providing, or billing for, healthcare services or equipment without the required license.
Regardless of who commits them, virtually all of these crimes rely on the complexity, bureaucracy, and sheer scale of the healthcare system to make it difficult, if not impossible, to catch the thief. However, cybercriminals and fraudsters are caught—and prosecuted, and fined, and imprisoned—thanks to the FBI and its partners, and the individuals who report these crimes to the FBI. They welcome tips from suspicious citizens and complaints from crime victims to aid in their efforts to identify and pursue healthcare criminals.
Three Brazen Examples of Healthcare Fraud
The three cases summarized below were announced by the FBI in April 2022, along with dozens of others. They are all very different from each other but share the common threads of human greed and arrogance. Countless other cases described in Justice Department Press Releases attest to the variety of cybercrime and fraud that are perpetrated in our country on a daily basis.
Pharmacist Sentenced for $180 Million Healthcare Fraud
In this case, a Mississippi pharmacist was sentenced to ten years in prison for a multimillion-dollar scheme to defraud TRICARE and private insurance companies by paying kick-backs to distributors for the referral of medically unnecessary prescriptions. The scheme resulted in more than $180 Million in fraudulent billings, including more than $50 Million paid by federal healthcare programs.
Mitchell “Chad” Barrett, 55, was a licensed pharmacist in Mississippi and co-owned various compounding pharmacies, which customize medications based on patients’ specific needs. Barrett adjusted prescription formulas to obtain the highest reimbursement, without concern for medical necessity. He solicited recruiters to procure prescriptions for high-margin compounded medications and paid them commissions based on the reimbursements he received from healthcare insurers, pharmacy benefit managers, and TRICARE.
TRICARE is a healthcare program for the Armed Forces including active duty service members and their families, National Guard and Reserve members and their families, and retirees and their families.
Doctor, Dentist, Former NBA Player Charged with $5 Million Insurance Fraud
Dr. William Washington, Aamir Wahab DDS, and former NBA player Keyon Dooling were charged along with 16 others in a scheme to defraud the National Basketball Association Players’ Health and Welfare Benefit Plan, which provides benefits to eligible active and former NBA players. The 16 were either arrested or surrendered in October 2021. In addition to charges of healthcare fraud and wire fraud, two of the 16 were also charged with aggravated identity theft.
Washington and Wahab were the medical providers who allegedly facilitated the scheme. Keyon Dooling is a former NBA player who allegedly engaged in the scheme and recruited other co-conspirators to join the scheme. The three were arrested in April 2022 and added as defendants in the healthcare fraud and wire fraud conspiracy case.
The charges were announced by the U.S. Attorney for the Southern District of New York and the Assistant Director-in-Charge of the New York Field Office of the FBI. The case against Washington will be presented in the Western District of Washington, the case against Wahab in the Central District of California, and against Dooling in the District of Utah. The case is assigned to U.S. District Judge Valerie Caproni.
Owner of Hearing Aid Practice Charged with $2.5 Million Healthcare Fraud
In this case, an Athens, Alabama-based businessman was charged with 15 counts of healthcare fraud. He agreed to plead guilty to the charges, pay a forfeiture of $1 Million, and pay restitution to the victims in the amount of $1.5 Million. The maximum penalty for each count of healthcare fraud is ten years in prison.
Joshua D. Creasy, 44, operated One Love Hearing Concepts, a practice with multiple storefront locations that provided hearing aids and other hearing solutions. Creasy schemed to defraud insurers into paying him for medically unnecessary hearing aids. His activities included providing free products to induce individuals to allow him to bill their insurance for hearing aids; billing insurance companies for hearing aids their beneficiaries never received; and billing insurers for hearing aids for patients who never even visited a One Love location.
The charges were announced by the FBI Special Agent in Charge and the U.S. Attorney for the Northern District of Alabama and the Special Agent in Charge of the Tennessee Valley Authority Office of the Inspector General.
The FBI urges anyone who suspects healthcare fraud to report their suspicions. It is tips from concerned individuals that help the FBI discover cybercrimes and healthcare fraud, and often those tips lead to prosecution.
The U.S. healthcare industry is not small, it is not simple, and it is not streamlined. As such, it is a favorite target of hackers, cybercriminals, scammers, swindlers, and cheats. In some cases, healthcare is the victim of the “everyone else is doing it” excuse, as evidenced by otherwise honest physicians falling under the spell of easy profit.
The U.S. Federal Bureau of Investigation is tough on cybercrime and fraud in healthcare as well as in other industries. Healthcare fraud alone is estimated by the FBI to cost the U.S. tens of billions of dollars each year. By regularly investigating and prosecuting individuals and collectives who commit these crimes, the FBI is able to recoup a small portion of those annual losses. They welcome tips from suspicious citizens and complaints from crime victims to aid in their efforts to identify and pursue healthcare criminals.
In the meantime, healthcare providers, health plans and insurers, and healthcare business associates should act now to strengthen their cybersecurity and compliance programs. Vital steps include conducting annual security risk assessments and updating security policies and procedures to reflect new threats. And there are numerous additional preventive actions that will help to safeguard networks, systems, and data.