The Gist
When most people hear “healthcare fraud,” they picture padded bills or phantom treatments—and for good reason. The DOJ’s record-breaking $14.6B National Health Care Fraud Takedown exposed large-scale billing, prescription, and kickback schemes involving 324 defendants, including nearly 100 licensed medical professionals.
But that kind of front-end fraud is only part of the picture. Federal watchdogs are now warning about something new: medical claims payment attacks.
According to the HHS Office of Inspector General, Medicare and Medicaid reimbursements are increasingly being diverted through fraudulent electronic-funds-transfer (EFT) changes: criminals alter the bank details on file so that legitimate payments land in accounts they control.
The trend is spreading. A recent Healthcare Dive report noted that healthcare payment fraud is getting harder to detect as attackers move beyond stolen checks to account takeovers, phishing, and redirected digital payments.
These incidents expose the same weak point: once a claim is approved, traditional controls do little to secure where the money actually goes.
How Claims Payment Attacks Work
Traditional fraud like inflated claims, fake treatments, and upcoding hasn't disappeared. But attackers can bypass the defenses built against it entirely. Instead of faking procedures, they hijack the payout itself, executing claims payment attacks that target the reimbursement process after a genuine claim has been approved.
How it happens:
- Impersonating trusted entities: Fraudsters pose as legitimate provider billing services, TPAs, or revenue-cycle partners, using compromised mailboxes, lookalike domains, or spoofed sender addresses. A note from a "billing coordinator" requests updated bank details for a hospital or physician group, timed to arrive just before the next reimbursement cycle so the change takes effect on the first payment run.
- Redirecting approved funds: Once a claim is approved, attackers submit forged EFT enrollment or vendor-master update forms to change the routing and account numbers on file with a payer or clearinghouse. Because the underlying claim is genuine, claim-level fraud analytics see nothing unusual; payments meant for a real clinic or vendor are silently diverted to a criminal-controlled account.
- Exploiting silos: Healthcare’s reimbursement chain passes through claims processors, finance teams, vendor management systems, and third-party administrators—each with limited visibility into the others. Attackers exploit those gaps, slipping in fraudulent updates that look routine because no single system sees the full picture.
- Weaponizing Generative AI: Criminals use AI to generate near-perfect invoices, mimic legitimate provider communications, or even create voice and video deepfakes of hospital staff confirming account changes. Every inbound layer of trust, from email to a phone call, can now be convincingly faked, which is why a confirmation is only worth something when the payer initiates it to contact details already on file rather than to a number or address supplied in the request.
In short, the fraud is not in the claim; it sits between the systems that move the money. Claims payment attacks exploit the trust and urgency built into the healthcare reimbursement ecosystem, and they succeed because each handoff assumes the previous one validated the request.
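The change-request checks described above, as an added example that is not Trustmi's code or any payer's actual control: a small Python scorer for an incoming request to update a provider's EFT details. It flags lookalike sender domains, timing just before a payment run, urgency pressure, and a callback number that differs from the one on file, and it goes one step beyond the text by also validating the ABA routing-number check digit (weights 3, 7, 1 repeated, sum divisible by 10). The vendor record, the sample requests, the seven-day window, the routing numbers and the flag names are all constructed assumptions.

```python
"""Risk-score a request to change a provider's EFT bank details.

Added example, not Trustmi's code or any payer's real control. All names,
thresholds, routing numbers and sample records below are constructed.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class VendorRecord:
    name: str
    domains: frozenset       # e-mail domains this vendor has used before
    routing: str             # ABA routing number currently on file
    account_last4: str
    phone_on_file: str       # number the payer collected at onboarding


@dataclass
class ChangeRequest:
    vendor: str
    sender: str              # From: address of the request
    new_routing: str
    new_account_last4: str
    callback_phone: str      # number the *request* says to call for confirmation
    received: date
    urgent: bool             # "must be updated before Friday's run"


def aba_checksum_ok(routing: str) -> bool:
    """ABA routing number check digit: weights 3,7,1 repeated, sum mod 10 == 0."""
    if len(routing) != 9 or not routing.isdigit():
        return False
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(d) * w for d, w in zip(routing, weights)) % 10 == 0


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def assess(req: ChangeRequest, vendor: VendorRecord, next_pay_run: date,
           window_days: int = 7):
    """Return (decision, flags) for an EFT change request.

    'reject'            - malformed routing number or lookalike sender domain
    'hold_for_callback' - bank details change; confirm by calling phone_on_file,
                          never the number supplied in the request
    'no_change'         - nothing on file would actually change
    """
    flags = []
    dom = sender_domain(req.sender)
    if dom not in vendor.domains:
        nearest = min(edit_distance(dom, d) for d in vendor.domains)
        flags.append("lookalike_domain" if nearest <= 2 else "unknown_domain")
    if not aba_checksum_ok(req.new_routing):
        flags.append("invalid_routing_number")
    changed = (req.new_routing != vendor.routing
               or req.new_account_last4 != vendor.account_last4)
    if changed:
        flags.append("bank_details_change")
    days_to_run = (next_pay_run - req.received).days
    if 0 <= days_to_run <= window_days:
        flags.append("just_before_pay_run")
    if req.urgent:
        flags.append("urgency_pressure")
    if req.callback_phone != vendor.phone_on_file:
        flags.append("callback_number_differs")

    if "lookalike_domain" in flags or "invalid_routing_number" in flags:
        return "reject", flags
    if changed:
        return "hold_for_callback", flags
    return "no_change", flags


# Constructed sample data: routing numbers are synthetic but pass the checksum.
RIVERSIDE = VendorRecord("Riverside Physician Group", frozenset({"riversidepg.example"}),
                         routing="123456780", account_last4="4321",
                         phone_on_file="+1-555-0100")
NEXT_RUN = date(2025, 3, 14)

# Lookalike domain (q for g), new bank, four days before the run, "urgent",
# and a callback number that is not the one on file.
SPOOFED = ChangeRequest("Riverside Physician Group", "billing@riversidepq.example",
                        new_routing="987654320", new_account_last4="8877",
                        callback_phone="+1-555-0199", received=date(2025, 3, 10),
                        urgent=True)
# Same bank change, but from the known domain, weeks ahead, no pressure.
GENUINE = ChangeRequest("Riverside Physician Group", "ap@riversidepg.example",
                        new_routing="987654320", new_account_last4="8877",
                        callback_phone="+1-555-0100", received=date(2025, 2, 1),
                        urgent=False)

if __name__ == "__main__":
    for label, req in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, assess(req, RIVERSIDE, NEXT_RUN))
```

The design choice worth copying is that a genuine-looking change still lands in `hold_for_callback`: the scorer never auto-applies a bank change, and the callback goes to the number collected at onboarding, so a deepfaked voice waiting on the number in the request never gets a chance to "confirm" anything.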
Trustmi’s Take
The DOJ’s record-breaking $14.6B healthcare fraud takedown made headlines for its scale—and that’s exactly the point. There’s enormous money to be made in exploiting the healthcare payment system. If that much can be stolen through falsified claims and billing abuse, imagine the potential when criminals move beyond fake treatments to target the billions flowing between third parties every day.
So far, most enforcement has focused on front-end fraud—fabricated treatments, inflated bills, and false documentation. But recent oversight reports are warning of what comes next: payment diversion and electronic funds transfer (EFT) fraud, where attackers reroute legitimate reimbursements to their own accounts.
So far, publicly reported incidents have been scattered rather than systematic. But it is only a matter of time before the same large-scale, third-party payment fraud that is already disrupting manufacturing and global supply chains makes its way into healthcare.
The conditions are ideal: a siloed, manual, and high-volume reimbursement system, where billions move daily and visibility often stops at approval. Every handoff is a chance for deception—and AI-assisted impersonation will only make it easier.
The takeaway isn’t alarm: it’s foresight. Healthcare’s payment infrastructure is modernizing fast, but its fraud defenses are still optimized for a different era. The next phase of protection will need to focus on payment behavior, trust signals, and real-time validation—securing the flow of money itself, not just the claim behind it.
Want to see how payment-flow attacks are emerging across industries?
Explore AI, Cybersecurity & the New Era of Fraud—our series on the evolving tactics and real-world defenses shaping modern fraud prevention.