Bomb or bust? That’s the question at the heart of a recent preliminary report by the Government Accountability Office on Affordable Care Act subsidy fraud.
The nonpartisan watchdog’s report (1), which dropped in early December, is based in part on findings from 2024 and 2025, when the Government Accountability Office (GAO) employed “fictitious applicants” to apply for the Affordable Care Act’s (ACA) advance premium tax credit (APTC) — a federal subsidy program for individual insurance companies that pay direct plans to individual insurance companies in the marketplace.
They found that in 2024, the Centers for Medicare and Medicaid Services (CMS) paid subsidies to all four bogus claimants totaling about $2,350 per month — despite the fact that some of these “claimants” did not provide citizenship documentation or Social Security Numbers (SSNs). In 2025, GAO listed 20 bogus claimants with CMS — 18 of whom are still receiving APTCs that combine for more than $10,000 per month.
Additionally, the report found that a total of 29,000 SSNs received “more than one year’s worth of APTC insurance coverage in a single plan year” in 2023, with about 66,000 more doing the same in 2024, meaning the same SSNs were used more than once to receive benefits.
The findings also showed that insurance brokers or agents likely changed 30,000 or more coverage claims in 2023 and 160,000 in 2024 without authorization, which “may result in harm to consumers, including loss of access to drugs.”
The GAO report was requested by three congressional Republicans, who released a statement (2) demonstrating “waste, fraud and abuse,” with Judiciary Committee Chairman Jim Jordan saying that “under Obamacare, hard-working Americans have seen their premiums skyrocket and their health care options shrink, while fraud has benefited insurance companies.”
However, critics, as well as one of the report’s own authors, have dismissed this claim, saying this preliminary report does not indicate rampant fraud – especially when viewed in the context of the wider healthcare system.
In an interview with KFF Health News (3), Seto J. Bagdoyan, one of the authors of the GAO report, cautioned that the findings focus only on “indicators of potential fraud” rather than conclusive evidence. And the report itself provides important context to the big numbers that made headlines.
For example, the full 26-page preliminary report (4) states that the 30,000 applications affected by “unauthorized changes” in 2023 and the 160,000 in 2024 represent only 0.4% and 1.5% of all applications in those respective years.
And in terms of duplicate SSNs, the roughly 29,000 in 2023 represent only 0.21% of all SSNs that received grants that year. The 66,000 duplicate SSN in 2024 represented only 0.37%. Beyond accounting for less than 1 percent of all SSNs entered, the report notes that duplicates could also be a result of “data entry errors” and that further investigation is needed.
“It’s really trivial, the scope of the fraud,” Michael Gusmano, a professor of health policy at Lehigh University, told CNBC about the report (5). “It’s just a scare tactic to justify reducing the federal government’s role in subsidizing health insurance.”
And Kaye Pestaina, director of KFF’s patient and consumer protection program, noted in an email to CNBC that “the GAO report does not indicate that this is an outlier compared to fraud in other federal programs.”
The report also says that the fraud risks it investigated were first examined between 2014 and 2016, with additional assessments in 2018. Which means this is an issue that is potentially known to multiple administrations, including President Barack Obama’s last term, President Donald Trump’s first term, and President Joe Biden’s one term.
To that end, Bagdoyan told KFF (3) that the evidence shows that any anti-fraud measures taken in the meantime have not worked, “because we faced the same problems as 12 years ago with identity verification.”
And a Democrat—Rep. Lloyd Doggett of Texas—responded to the report with a letter (6) stating “CMS suspended 850 agents and brokers for alleged fraudulent or abusive conduct related to unauthorized enrollments or plan changes” last year. However, in May of this year, under President Trump, CMS reinstated the suspended agents, with Doggett adding that “shouting ‘fraud’ while empowering criminals solves nothing and will harm many.”
Overall, health care spending is believed to total more than $5 trillion in 2025 (7), while the National Health Care Fraud Association (NHCAA) estimates that fraud costs taxpayers between 3% and 10% of the health care budget in a given year (8). As such, while many experts believe the GAO report is not the bogus gun some politicians have made it out to be, they agree that changes are needed in the system.
Johns Hopkins Bloomberg School of Public Health professor Gerard Anderson told CNBC that while fraud attempts are inevitable, “you should always change the parameters of the system” to try to prevent it. Health policy expert Nick Fabrizio told reporters that expanding ACA subsidies while implementing fraud prevention tools is the best way forward.
“We’re in one of those situations where we have to expand subsidies,” Fabrizio said. “But we have to stabilize the system … We have to meet somewhere in the middle.”
Read more: Vanguard reveals what could be coming for US stocks and sounds the alarm for retirees. Here’s why and how to protect yourself
Even though the scale of healthcare fraud in the GAO report is relatively minimal, it won’t feel so insignificant if you fall victim to unscrupulous actors stealing your personal information. There are, however, simple ways to protect yourself.
For starters, never share your SSN or any health account or password information with anyone unless you’re sure it’s your provider. Healthcare.gov (9) specifically recommends that you only get information about your health coverage from official government sources or websites, stay alert for red flags, such as healthcare contest giveaways, that might be scams, and always verify the identity of anyone claiming to be be a health coverage representative.
The NHCAA, meanwhile, urges people to stay informed about their policies and rights, while regularly reviewing their provider’s statements to make sure they did, in fact, receive the benefits they were billed for (and question those that look fishy!).
And insurance provider Network Health (10) warns that you should never sign blank insurance forms and that you should always monitor financial statements “for any improper billing activity or fraudulent withdrawals.” They also recommend keeping your own records of all appointments and services received in case discrepancies arise.
If you suspect you have been the victim of health care fraud, contact your provider, the Federal Trade Commission’s fraud reporting portal, your local authorities, or for Medicare issues, call 1-800-MEDICARE (1-800-633-4227).
We only rely on verified sources and credible third-party reports. For details, see our ethics and editorial guidelines.
Government Accountability Office (1), (4); United States House Committee on Ways and Means (2); KFF Health News (3), (7); CNBC (5); Doggett.gov (6); National Antifraud Association (8); Healthcare.gov (9); Network Health (10)
This article provides information only and should not be construed as advice. Offered without warranty of any kind.
