News|Articles|April 3, 2026

False Claims Act recoveries hit a record $6.8 billion in 2025

Fact checked by: Keith A. Reynolds, AC Baltz
Listen
0:00 / 0:00

Key Takeaways

  • FY2025 enforcement set FCA recovery records, driven by health care’s enlarged share and unprecedented whistleblower activity, reinforcing sustained cross-administration intensity in fraud policing.
  • DOJ’s National Healthcare Fraud Takedown charged 324 defendants with $14.6B intended loss, featuring DME mega-schemes, identity theft, shell entities, and AI-generated consent fraud.
SHOW MORE

Health care accounted for 84% of total recoveries.

The federal government recovered a record $6.8 billion through False Claims Act (FCA) cases in fiscal year 2025, with the health care sector accounting for $5.7 billion of that total, according to Barnes & Thornburg’s Annual Healthcare Enforcement and Compliance Report for 2025.

The figures represent the highest single-year recovery in the history of the False Claims Act, and health care’s share of the total (84%) marks a sharp increase from the prior year, when it made up roughly 60% of FCA recoveries. Whistleblower-initiated lawsuits also hit a record, with 1,297 qui tam actions filed during the fiscal year.

“The enforcement environment in 2026 is really more data-driven and pattern-focused than ever before,” Shannon Sumner, CPA, CHC, managing principal of PYA’s Nashville office and the firm’s chief compliance officer, told Medical Economics. “Investigations are increasingly triggered by analytics, so practices get flagged because their data does not look like their peers.”

The largest fraud takedown in U.S. history

Among the most significant actions detailed in the report was the Department of Justice (DOJ)’s 2025 National Healthcare Fraud Takedown — the largest in U.S. history as measured by intended loss.

The operation charged 324 individuals, including 96 licensed medical professionals, across 50 federal districts, with the involvement of 12 state attorneys general. The intended loss totaled $14.6 billion. Federal authorities seized more than $245 million in cash, vehicles, cryptocurrency and other assets, while the Centers for Medicare & Medicaid Services (CMS) reported that the takedown prevented more than $4 billion in fraudulent payments and revoked or suspended billing privileges for 205 health care providers.

The largest individual investigation, dubbed Operation Gold Rush, involved a transnational organization that allegedly submitted more than $10 billion in false claims for urinary catheters and other durable medical equipment (DME) using stolen identities, shell companies and money laundering operations. Another case involved a $703 million genetic testing scheme in which artificial intelligence (AI) was used to generate fake patient consent recordings to support claims filed with illegally purchased beneficiary data.

Related: Unmasking $14.6B in health care fraud: Inside the DOJ's largest-ever health care takedown

DME fraud featured prominently throughout the report. Individual providers and practice groups accounted for more than $171.9 million across 55 enforcement actions, while DME and medical device companies were responsible for more than $76 million in settlements on top of the takedown’s massive DME-related prosecutions.

AI cuts both ways

A recurring theme in the report and in the broader enforcement landscape is the growing role of AI, both as a tool for detecting fraud and as a source of new compliance risks.

On the enforcement side, CMS and DOJ have outlined plans to deploy AI for audits, fraud detection and advanced data analytics. HHS Secretary Robert F. Kennedy Jr. and CMS Administrator Mehmet Oz, M.D., MBA, recently announced plans to replace the traditional “pay and chase” model with a “detect and deploy” strategy that uses AI to flag suspicious billing before payments go out.

Related: CMS launches three-pronged plan to CRUSH health care fraud

Pat Naples, J.D., a senior associate at ArentFox Schiff who focuses on health care litigation and government investigations, said the legal foundation for data-driven enforcement has been building for more than a decade.

“Back in 2011, claims data mining was added to federal health care regulations as a potential basis for a credible allegation of fraud,” Naples told Medical Economics. “So this is something the DOJ has had in the works for quite some time, building out its own system for detecting anomalies in claims data.”

Naples acknowledged that a single anomalous claim is unlikely to trigger action on its own. “More typically, what we have seen is that they are looking for large outliers in the data set to flag and ask: ‘What’s happening here? Is there a fraud concern?’”

But AI also introduces risk on the provider side. The Department of Health and Human Services (HHS) released its AI Strategic Plan in January 2025 and a broader AI Strategy for internal operations in December 2025, signaling that the technology will increasingly shape how claims are adjudicated, grants are reviewed and enforcement priorities are set.

One notable case highlighted in the report involved Troy Health, Inc., a North Carolina-based Medicare Advantage provider that entered a non-prosecution agreement with DOJ after using AI and automation software to illegally obtain Medicare beneficiary information and fraudulently enroll them in its plans, making it the first non-prosecution agreement involving a health care fraud scheme facilitated by AI.

For practices adopting AI tools for documentation, coding or clinical decision support, the liability questions remain unsettled. Dan Silverboard, J.D., a health care attorney with Holland & Knight, told Medical Economics that state medical boards and legislatures are increasingly assigning final accountability to the clinician.

Related: The new malpractice frontier: Who’s liable when AI gets it wrong?

“Several states, through medical boards or statute, have established that a medical professional is ultimately responsible for approving or denying AI recommendations,” Silverboard said. “I do not think you would have a situation where an AI program itself would be solely responsible for an adverse event because, legally speaking, the provider must sign off on the recommendation.”

Medicare Advantage under the microscope

The report documents a major expansion of Medicare Advantage oversight.

CMS announced in May 2025 that it would begin auditing all eligible Medicare Advantage contracts annually, up from roughly 60 audits per year. The agency plans to increase its staff of medical coders from 40 to approximately 2,000 to support the initiative, along with the help of AI tools.

The expansion reflects growing concern over how Medicare Advantage plans record diagnoses and the degree to which they do so to maximize payments. According to the Medicare Payment Advisory Commission (MedPAC), Medicare payments to private plans were 20% higher per person than spending for similar beneficiaries in traditional Medicare in 2025, translating to an additional $84 billion in federal spending.

HHS Office of Inspector General (HHS-OIG) audits of Medicare Advantage organizations found that, on average, roughly 83% of the high-risk diagnosis codes reviewed lacked sufficient documentation, resulting in overpayments totaling nearly $15.5 million across four audited plans.

A separate HHS-OIG report found that 72% of behavioral health providers listed in Medicare Advantage and Medicaid managed care network directories should not have been included, either because they were out-of-network or not actually employed where listed.

Barnes & Thornburg predicts that enforcement of network accuracy and adequacy will be a growing trend in 2026.

What practices need to know

For physician practices without dedicated compliance departments, the enforcement trends documented in the report present a practical challenge. Investigations are increasingly initiated by data patterns rather than tips or complaints, which means a practice can attract scrutiny before anyone inside it realizes something looks off.

Sumner said the OIG’s recently updated General Compliance Program Guidance acknowledges that “one size does not fit all,” but still lays out baseline expectations even for the smallest practices.

“[Practices must have a] designated compliance lead. It does not have to be a full-time compliance officer, but it does need to be someone who is taking charge of the program and who has access to leadership,” Sumner said. She also emphasized the importance of written policies that align with actual workflows, role-specific training, a mechanism for reporting concerns, and basic auditing and monitoring focused on the top risk areas.

Naples offered similar advice. “Look at your high-risk areas and determine what they are,” he said. “If you have a lot of consulting relationships, that’s another area where you are going to want to be careful.” He also stressed the value of employee training programs, basic contract auditing and building a relationship with outside compliance counsel.

“A relatively small devotion of resources at one time can really pay off so you do not end up having to devote substantial resources later because of an enforcement action you did not see coming,” Naples said.

The importance of self-disclosure

One area where the report notes a meaningful policy shift is voluntary self-disclosure.

The DOJ updated its guidance on criminal self-disclosures in the white-collar space to state that it will decline prosecution where a party fully engages in the self-disclosure process, cooperates with the investigation, remediates the misconduct in a timely manner and has no aggravating circumstances.

Several settlements highlighted in the report involved entities that received credit for self-disclosing before the government initiated an investigation. HHS-OIG’s newer policies also encourage providers to come forward with voluntary disclosures in exchange for reduced penalties.

“If those anomalies exist and there is some indicia of fraud, the department’s newer policies are encouraging providers to come forward with things like reduced penalties, reduced deferrals and fewer criminal penalties if there is a voluntary self-disclosure that meets the requirements set forth in the policy,” Naples said. “I think the lesson for providers is: Check your own data, stay on top of it, and be prepared so you can take advantage of self-disclosure, if that is needed, before DOJ comes knocking on the door.”

Sumner put it more directly: “The OIG has made it clear that the absence of an effective compliance program is an aggravating factor in enforcement actions, even for small practices. Prevention really is the best medicine.”

The bigger picture

The report catalogs a wide range of enforcement actions that illustrate how broadly the government is casting its net — hospitals paying kickbacks to physicians for admissions, pharmacies dispensing opioids despite unresolved red flags, laboratories billing for medically unnecessary genetic tests and cybersecurity failures leading to FCA liability.

The government collected $41.2 million across 24 data privacy and cybersecurity settlements alone, indicative that HIPAA compliance has become an active enforcement front.

There were also significant legal developments around the False Claims Act itself.

A Florida district court became the first federal court to find that the FCA’s qui tam provisions —which allow private individuals, often current or former employees, to sue health care organizations on the government's behalf for fraudulent billing to Medicare or Medicaid, and to collect a share of any recovered funds if the case succeeds — were unconstitutional. The ruling is now on appeal to the Eleventh Circuit.

And multiple circuit courts weighed in on whether FCA cases based on Anti-Kickback Statute violations require “but-for” causation, a question that could significantly affect the scope of future enforcement.

“To some extent, this can feel like something new and different, but I would say this is really a continuation of a trend that has been in place for years, and we have seen it across administrations,” Naples said. “I would not expect a change of administration to mean a change in the way health care fraud and compliance are policed. This is not going away.”