The False Claims Act: A Decade of Receipts

Part 2 of the Messy Monday Fraud Series

The receipts exist. Thousands of them. They're sitting in federal court filings, published on the Department of Justice website, documented by the HHS Office of Inspector General, and audited by the Government Accountability Office. They have dollar amounts. They have company names. In many cases, they have signed admissions of wrongdoing.

Nobody buried them. Nobody classified them. They're public. They've been public for years. But I bet you've barely heard of them.

The March 2026 executive order establishing the Task Force to Eliminate Fraud directs the Attorney General to expand False Claims Act enforcement. Sounds good. The FCA is one of the most powerful anti-fraud tools the federal government has ever built. Since Congress strengthened it in 1986, it has recovered more than $85 billion from people and corporations stealing from government programs.

As we covered in Part 1 of this series, the problem is that the EO limits enforcement to "fraud within Federal benefit programs." Because the False Claims Act is not primarily a tool for going after benefit recipients. It never has been. It goes after corporations, hospital systems, pharmaceutical companies, insurance giants, and technology vendors who bill the federal government for things they didn't do, shouldn't have done, or outright made up.

Here's what a decade of enforcement actually shows. Sources: DOJ, HHS-OIG, and GAO. No consultants. No lobbyists. Just the government and evidence based documentation of who has been involved in this mess, how much money is in question, and how long it's been going on.

The Work Is Already Being Done

In FY 2025, the DOJ reported more than $6.8 billion in FCA settlements and judgments — the highest single-year total in the history of the statute. Healthcare fraud settlements alone topped $5.7 billion, more than triple the prior year. [DOJ FCA Annual Statistics FY2025]

Since 1986, total FCA recoveries exceed $85 billion. In FY 2025, healthcare fraud was 83% of all settlements and judgments. [DOJ FCA Annual Statistics FY2025]

That's $85 billion. From the healthcare system. From pharmaceutical companies. From government contractors. From insurance companies. Not from families receiving benefits.

Who's driving these cases? Whistleblowers — employees, former executives, compliance officers — filed a record 1,297 qui tam lawsuits in FY 2025. [DOJ FCA Annual Statistics FY2025] People on the inside who watched it happen and followed the laid out processes for making sure the fraud came to light, even when it meant alienation, illegal retaliation, and stigma. More than three out of four dollars recovered came from cases they filed themselves.

This is confirmed, adjudicated, settled-in-federal-court money that was being stolen. Here's who was doing it.

The Insurance Layer: Medicare Advantage and the Risk Score Racket

Start here. This one made the news ten days before the Task Force EO was signed.

On March 11, 2026, Aetna agreed to pay $117.7 million to resolve DOJ allegations that it submitted false diagnosis codes for Medicare Advantage enrollees to inflate payments from CMS — then falsely certified in writing that the data was accurate. [DOJ press release, March 11, 2026; HHS-OIG enforcement action, March 2026]

Plain language: Medicare Advantage pays insurance companies more money for sicker patients. Aetna paid coders to comb through records and add conditions that made patients look sicker than they were. Some conditions had no supporting medical documentation. Aetna added them anyway, collected the extra payments, and told CMS the data was accurate. Between 2018 and 2023, Aetna also submitted false obesity diagnoses for patients whose own body weight measurements proved they weren't obese.

Aetna is not an outlier:

Kaiser Permanente affiliates settled similar Medicare Advantage upcoding allegations for $556 million in January 2026. [DOJ/HHS, January 2026]

Independent Health Association agreed to pay up to $98 million for submitting invalid diagnosis codes through chart reviews designed to manufacture conditions that didn't exist. [DOJ press release, December 2024]

The DOJ is currently litigating active cases against UnitedHealth Group and Elevance Health on the same theory.

This is a structural incentive problem. The government pays insurers more for sicker patients. Insurers employ physicians. Insurers contract coders. Insurers run retrospective chart reviews. The math writes itself.

The Break Up Big Medicine Act, introduced in the 119th Congress by Senators Warren and Hawley — bipartisan, worth noting — addresses this directly. Its findings state that private insurers use employed physicians to intensively document enrollee conditions, generating inflated federal payments without improving care. The bill would prohibit insurers and pharmacy benefit managers from being under common ownership with healthcare providers, because that vertical integration is what makes this fraud possible. It's not that different from your insurance company owning the hospital you go to. Looks like efficiency. Creates dark corners.

As of 2023, one insurer conglomerate controls approximately 10 percent of all American physicians — the single largest employer of physicians in the country. The three largest pharmacy benefit managers process nearly 80 percent of all prescription drug claims. All three are integrated into large insurance platforms. When your insurer employs your doctor and gets paid more when your chart shows more diagnoses, nobody needs to issue a memo. [Break Up Big Medicine Act, 119th Congress, Section 2 Findings, warren.senate.gov]

The Crooked Pharmacy Counter

CVS's long-term care pharmacy subsidiary, Omnicare, was hit with a $949 million jury verdict after a federal court found it dispensed drugs to elderly and disabled people in assisted living facilities without valid prescriptions — then billed the federal government for them. [DOJ FY2025 FCA Fact Sheet]

Walgreens agreed to pay $300 million — plus additional future payments tied to revenue — to resolve allegations it illegally filled invalid opioid prescriptions and sought federal reimbursement. This included a five-year compliance agreement with HHS-OIG and a parallel agreement with the DEA. [DOJ FY2025 FCA Fact Sheet]

Gilead Sciences agreed to pay $176 million after admitting it paid high-volume HIV drug prescribers tens or hundreds of thousands of dollars in "speaker fees" to push its drugs. Then paid another $202 million for the same conduct applied to a different HIV drug portfolio. [DOJ FY2025 FCA Fact Sheet]

This isn't new. Pfizer paid $2.3 billion in 2009 — the largest healthcare fraud settlement in history at the time — for kickbacks and off-label marketing across multiple drugs. [DOJ press release, 2009] The industry didn't stop. The names and drugs changed. The mechanics didn't.

Technology Is Coming Knocking

This one is newer. If you work in healthcare, you've seen this start to show itself — the exposure runs directly through your vendor relationships, and it goes deeper than cybersecurity.

The top three EHR systems — Epic, Oracle Health, and MEDITECH — hold approximately 74% of the hospital market combined, with Epic alone controlling nearly 38% of acute care. [Definitive Healthcare, 2024] These are not interchangeable systems. They are proprietary ecosystems built to make switching extraordinarily expensive. That's not an accident. It's a business model.

Healthcare regulatory attorneys have described it plainly: EHR vendors blocking hospital clients from accessing their own health information is information blocking — one attorney put it as "you're protecting your client from leaving and finding another EHR." [EHR Intelligence, September 2023]

HHS-OIG finalized information blocking enforcement rules in June 2023, establishing penalties of up to $1 million per violation for EHR developers and health IT entities that interfere with the access or exchange of electronic health information. [HHS-OIG, oig.hhs.gov] An ONC survey found that over 40 percent of nonfederal acute care hospitals had already observed what they believed to be information blocking in 2021 — before enforcement started. [ONC Cures Act Final Rule, 2021]

Here's what that means in federal contracting. When Oracle Health holds the VA's EHR modernization contract — now estimated at $16 billion — and that system is proprietary, hard to audit externally, and resistant to interoperability, the government loses the ability to independently verify what the system is doing and what it's costing. The contractor knows more about the program than the government does. That gap is not a side effect. It's the condition that makes billing manipulation, scope creep, and cost inflation nearly invisible until someone on the inside decides to blow the whistle.

Health Net Federal Services paid $11.2 million for submitting false cybersecurity certifications on a federal contract for military health benefits. Illumina paid $9.8 million for selling genomic sequencing systems with security vulnerabilities while misrepresenting compliance to federal customers. [DOJ press releases; White & Case FCA Healthcare Year in Review 2025]

The DOJ's position, confirmed by courts and multiple settlements: lying about compliance to win or keep a federal contract is fraud. Not a documentation gap. Fraud. You signed off on that vendor. You put them in your environment. The liability will eventually find you.

The DME Deception

Durable medical equipment — wheelchairs, oxygen supplies, ventilators, back braces, wound care products — is one of the most reliably exploited categories in federal healthcare billing. The products are expensive. The patients are often elderly, homebound, or incapacitated. The ordering physician may be miles away and barely involved.

In 2019 alone, a single DME scheme caused over $1.2 billion in Medicare losses. A separate set of regional takedowns that year charged over 345 individuals for billing more than $1 billion to federal health programs while prescribing approximately 50 million controlled substance pills. [HHS-OIG HCFAC Annual Report FY2019]

DME supplier Lincare agreed to pay $25.5 million after admitting it kept billing Medicare for ventilator rentals when it knew patients were no longer using the equipment — up to $1,400 per month, per patient, for a machine sitting in a closet. [DOJ press release; Inside the False Claims Act, Q1 2024]

The pattern holds across a decade of OIG enforcement: equipment ordered through kickbacks, billed without authorization, delivered to patients who didn't need it or never received it, charged at maximum reimbursement rates. Settle for millions. Keep operating, or reopen under a new name.

Hospitals Aren't Immune

Hospitals are among the most consistent FCA defendants over the past decade — primarily for illegal financial arrangements with referring physicians and billing for services that were unnecessary, never performed, or below standard.

Community Health Network paid $345 million to resolve allegations of referrals made in violation of the Stark Law — the federal statute prohibiting physicians from referring patients to facilities where they have a financial interest. [DOJ press release FY2024] Refer patients, get paid. Federal programs covered the bill.

Owners of several Arizona wound care companies agreed to pay over $309 million after investigators found they had hired untrained sales representatives to recruit elderly and hospice patients, ordered expensive bioengineered skin grafts regardless of medical necessity, and billed Medicare. [DOJ press release; Gibson Dunn FCA Year-End Update 2024]

Not one doctor making a bad call. A coordinated national scheme targeting the most vulnerable patients for the most expensive procedures.

ChristianaCare paid $42.5 million to resolve allegations of illegal compensation to surgeons and neonatologists to induce referrals. The case was brought by a whistleblower — the hospital's own former chief compliance officer. Someone who knew exactly what was happening and decided the public needed to know too. [DOJ press release, January 2024]

The Procurement Gap: Gaming the System Before a Dollar Is Obligated

Everything above got caught — usually years after it started, usually because a whistleblower risked their job to report it. What the settlement record doesn't capture is the fraud baked into the procurement system before a single contract is awarded.

HHS is the fourth largest contracting organization in the federal government, spending nearly $5 billion annually on services and supplies — before you add managed care contracts, IT infrastructure, and the vendor networks supporting federal health programs. [HHS-OIG, oig.hhs.gov]

The front door is SAM.gov — the System for Award Management, where every entity doing business with the federal government must register. Self-certification is a feature. Predictably, it gets abused.

The SBA administers set-aside programs designed to direct federal dollars to businesses owned by veterans, women, minorities, and economically disadvantaged groups: SDVOSB, WOSB, 8(a), and HUBZone. These exist for legitimate reasons. They are also consistent targets for fraud.

In February 2020, the DOD Inspector General audited 29 contractors who had self-certified as service-disabled veteran-owned small businesses. Sixteen didn't qualify. Those 16 had received 27 contracts worth $827.8 million. In some cases, publicly available information directly contradicted the certification. Nobody checked. [DOD OIG report, February 2020]

$827 million. Contracts reserved for veterans injured in service to this country. Awarded to companies with no qualifying veteran in charge — or no veteran at all.

The scheme has a name: "rent a vet." A large contractor installs a service-disabled veteran as the nominal owner on paper. The real owner — who doesn't qualify — runs the operation. The company wins set-aside contracts. The veteran gets a cut. The actual program beneficiaries get nothing.

One construction company owner was indicted in 2021 for exactly this. His company had collected $250 million in veteran set-aside contracts before investigators caught up. [DOJ, 2021]

QuarterLine Consulting Services and its parent PSI agreed to pay $3.9 million after QuarterLine kept certifying itself as a women-owned small business following an acquisition that legally ended that status. It was required to update its SAM registration within 30 days. It didn't. It kept winning set-aside contracts to provide physicians to military treatment facilities for years. [GSA OIG, January 2024]

TriMark USA agreed to pay $48.5 million after its subsidiaries manipulated set-aside contracts for service-disabled veterans — with TriMark doing the actual work while a qualifying small business held the contract on paper. The small business got the award. TriMark got the money. [DOJ press release, February 2022]

Large contractors create or co-opt certified small businesses as pass-throughs to capture contract vehicles they'd never qualify for on their own. The government thinks it's hitting small business goals. The OIG audits a sample and finds out otherwise.

In 2019, the SBA OIG audited 15 firms that had received HUBZone certification and a contract. Three were improperly certified. Four others were actively receiving contracts despite the SBA having never made an eligibility determination at all. Just in the system. Getting contracts. Unchecked. [SBA OIG HUBZone audit, 2019]

This is the internal controls failure that never makes headlines and didn't make the EO. The certification system runs on self-reported data, verified inconsistently, audited by sample only, corrected years after the fact. The gap isn't incidental. It's structural. Every dollar flowing through a fraudulently certified contractor is a dollar taken from the legitimate veteran-owned companies, women-owned businesses, and disadvantaged small firms these programs exist to support.

The Largest Takedown in History Happened Last Year

In July 2025, the DOJ's National Health Care Fraud Takedown charged 324 defendants — including 96 licensed medical professionals — for schemes involving over $14.6 billion in fraudulent activity. The largest healthcare fraud takedown in DOJ history. It doubled the previous record. [DOJ press release, June 2025; HHS-OIG 2025 National Health Care Fraud Takedown]

Attorney General Pamela Bondi's name is on that press release. This administration announced it. They know exactly where the money is going.

324 defendants. 96 licensed professionals. $14.6 billion. They issued the press release. Then six months later signed an EO limiting FCA enforcement to benefit programs.

Back to That EO

The FCA enforcement record of the past decade is not ambiguous. The confirmed fraud — billions of dollars, in federal courts and OIG reports — is being committed by insurers, pharmaceutical companies, hospitals, DME suppliers, and government contractors. Not by people holding a benefits card.

The False Claims Act, when used as intended, is one of the most effective fraud tools in federal law. Built-in whistleblower mechanism. Triple damages. It works. Thirty-plus years of recoveries and a record 2025 prove it.

It's a choice about whose fraud matters. The government's own documentation answers that question whether they meant it to or not.

So What Does a Different System Look Like?

The fraud documented here isn't just evidence of bad actors. It's evidence of a system built in ways that make certain kinds of theft easy — and certain kinds of accountability nearly impossible. When the insurer employs the doctor. When the EHR vendor controls the data. When the contractor running the program decides what gets reported about it. The question stops being "how do we catch more fraud" and becomes "why did we build it this way?"

Something different is already being built. Just not in Washington.

Ro and Hims & Hers turned episodic care into a subscription model — offering medications for conditions from hair loss to GLP-1 weight management at a fraction of traditional cost, mostly by cutting out the insurance layer. [Fierce Healthcare, 2024] Amazon One Medical followed, offering Prime members video visits for $49 and bundled treatment plans starting at $10 a month for conditions that used to require an office visit, a referral, an authorization, and a pharmacy trip. [Fierce Healthcare, November 2024] Mark Cuban's Cost Plus Drug Company started manufacturing its own generics to give patients an option outside the traditional distribution chain. [Hospitalogy, December 2024]

These are signals more than solutions. They're the market telling you that millions of people are frustrated enough with the existing system to pay out of pocket for a $30 telehealth visit rather than fight through prior authorizations and surprise bills. When that's the rational choice, the system has already failed.

The direct primary care market — patients paying a flat monthly fee directly to their physician, no insurance involved — is growing fast. The AAFP found that 9 percent of family physicians operated a DPC practice in 2023, up from 3 percent in 2022. [AAFP 2024 DPC Data Brief] A 2024 peer-reviewed analysis in the Journal of General Internal Medicine found DPC can yield over $25,000 in annual cost savings compared to fee-for-service, in part because DPC physicians carry average panels of 413 patients versus 2,500 in traditional practice. [JGIM, September 2024, PMC]

Starting January 1, 2026, DPC enrollment no longer disqualifies patients from contributing to a health savings account — removing one of the main barriers to growth. [AAFP] The Milbank Memorial Fund's 2025 Primary Care Scorecard found primary care clinicians per capita falling, primary care reimbursement averaging $259 per visit versus $1,092 for gastroenterology, and EHR administrative burden draining clinician time across the board. [Milbank, 2025]

Here's where it gets complicated.

Amazon is not a disruptor. Amazon is the next consolidator — and possibly the next fraud risk if nobody is watching. Amazon One Medical offers telehealth, bundled treatment plans, and medication delivery under the Prime umbrella, connected to Amazon Pharmacy, with its own clinic network and logistics chain. That is vertical integration. The Break Up Big Medicine Act describes exactly this structure: an entity owning the insurance function, the pharmacy function, and the provider function simultaneously — with the ability to steer patients toward its own services, hide profits across segments, and game federal reimbursement from a position of informational advantage.

Amazon doesn't call itself an insurance company. But if it holds your clinic relationship, fills your prescriptions, delivers your medications, and eventually processes federal reimbursements — the label doesn't matter. The conflicts of interest are identical to what we've documented throughout this series. The oversight gaps will be too.

The same is true of Hims & Hers. The company now owns its own pharmacies, with nearly all orders filled through affiliated facilities — a vertical integration strategy built to capture margin at every point. [DrugPatentWatch, January 2026] Not inherently fraudulent. But it's exactly the structure that enabled fraud in every other vertically integrated healthcare platform in this series.

The honest tension: direct primary care and direct-to-consumer telehealth work for people who can afford $50 to $150 a month. They work less well for the Medicaid patient who can't afford a copay, the rural veteran with no broadband, the elderly person who isn't navigating an app. The intermediary changes. The concentration doesn't.

But what these models are proving is real. Care doesn't have to flow through a billion-dollar insurance billing apparatus to reach a patient. When you cut the administrative friction — prior authorizations, network adequacy games, upcoding incentives — the actual cost of delivering care drops. The price of the current system isn't the price of healthcare. It's the price of the current system.

Universal healthcare isn't coming. The ACA is under pressure. The fraud task force is targeting benefit recipients. None of that changes by the time you finish reading this. But the people rebuilding care delivery aren't waiting for Washington. They're building direct relationships between patients and providers, cutting the layers where fraud concentrates — not through regulation, but by removing the surface area fraud needs to exist.

Working within a broken system doesn't mean pretending it isn't broken. It means being honest about what the breakage costs, who pays most, and what different actually looks like. You can't build something better while pretending the current model works.

It doesn't. The fraud is the proof. And now you have the receipts.

Next week, Part 3. I was on the inside of the largest integrated healthcare system in the country. I saw the broken controls, built the team to fix them, and put it in writing that looking away from the reality of what we found wouldn't make it disappear — it would make it worse. I might as well have screamed into a void. Maybe now someone will listen.

Primary Sources

All major claims are sourced from federal government publications, peer-reviewed research, or credible news organizations:

• DOJ Office of Public Affairs press releases, FY2019–2026 (justice.gov)

• DOJ False Claims Act Annual Statistics, FY2019–2025 (justice.gov)

• DOJ FY2025 FCA Fact Sheet (justice.gov)

• HHS-OIG enforcement actions and HCFAC Annual Reports (oig.hhs.gov)

• HHS-OIG Information Blocking enforcement page (oig.hhs.gov)

• 2025 National Health Care Fraud Takedown, DOJ and HHS-OIG (justice.gov, oig.hhs.gov)

• GAO-24-105358: DOD Fraud Risk Management (gao.gov)

• DOD OIG SDVOSB contractor eligibility report, February 2020 (dodig.mil)

• GSA OIG enforcement actions (gsaig.gov)

• SBA OIG HUBZone and SDVOSB audit reports (sba.gov/oig)

• HHS-OIG Contract Fraud page (oig.hhs.gov)

• ONC 21st Century Cures Act Final Rule and information blocking enforcement (healthit.gov)

• Break Up Big Medicine Act, 119th Congress, Senators Warren and Hawley (warren.senate.gov)

• AAFP 2024 DPC Data Brief (aafp.org)

• Journal of General Internal Medicine: "Direct Primary Care: Financial Analysis and Potential to Reshape the U.S. Healthcare Landscape," September 2024 (PMC/NLM)

• Milbank Memorial Fund, 2025 Primary Care Scorecard: The Cost of Neglect (milbank.org)

• Fierce Healthcare, Reuters, and Healthcare Dive for news verification

These statements and opinions are my own, based on my experience as a GS-15 director-level federal employee. The problems started far before they exploded into mainstream awareness — and the cleanup will fall to me and my peers. So yes, I'm still angry.