The Silent Surge: How Dormant Healthcare Providers are Being Hijacked for Fraud

Christopher DeAngelis, VP, Enterprise Fraud Strategy & Prevention, Zelis

Christopher DeAngelis, CFE, currently serves as Vice President of Enterprise Fraud Strategy and Prevention at Zelis, a leading innovator in healthcare technology solutions. With over 25 years of industry experience as a Certified Fraud Examiner, he is a frequent speaker and a respected thought leader on healthcare fraud and financial crime.

In 2025, a troubling fraud tactic has gained traction across the healthcare landscape: the takeover and exploitation of dormant or defunct provider businesses. These entities, once legitimate but now inactive, are being reactivated by bad actors who use them to submit massive volumes of false claims to Medicare, Medicaid and private insurers. The result is a sophisticated, tech-enabled scheme that is both difficult to detect and even harder to dismantle.

The Anatomy of a Dormant Provider Takeover

At the center of this scheme is the strategic acquisition or impersonation of dormant healthcare entities—such as durable medical equipment (DME) suppliers, diagnostic laboratories, or home health agencies—that still retain valid billing credentials. These businesses often have clean billing histories, making them ideal candidates for bypassing payer scrutiny.

Once under fraudulent control, the entities are rapidly reactivated and begin submitting large volumes of claims for services or equipment that were never provided. Payments are routed into newly created bank accounts controlled by the fraudsters, who often present themselves as operating legitimate businesses.

Technology as a Double-Edged Sword

While technology has revolutionized healthcare delivery and administration, it has also equipped fraudsters with powerful tools to exploit systemic vulnerabilities. The dormant provider takeover is a clear example of how digital infrastructure—originally designed to enhance efficiency—can be manipulated for illicit gain.

1. Synthetic Identities and Digital Onboarding

Bad actors often use stolen or synthetic identities to impersonate legitimate owners or authorized representatives. Using these fabricated credentials, they can:

● Open business bank accounts

● Register with payers and clearinghouses

● Enroll in electronic payment systems using falsified documentation

2. Manipulation of Payment Infrastructure

Once onboarded, bad actors target digital payment systems to divert funds. In some cases, they use phishing, social engineering, or business email compromise tactics to obtain sensitive information from the original business owner. With access to provider portals, they can update or register new bank account details, rerouting payments into fraudulent accounts.

3. Website and Credential Fabrication

To pass initial due diligence checks, bad actors often create basic, superficial websites for reactivated businesses. These sites typically include:

● Generic content, often featuring stock or AI-generated images of supposed physicians or patients

● Minimal or outdated contact information

● Circular, inactive, or broken links

These tactics are designed to create a façade of legitimacy while avoiding deeper scrutiny.

4. Cross-Entity Obfuscation

Fraud rings frequently operate multiple reactivated entities in parallel. They exploit public business registration databases and shared infrastructure—such as addresses, phone numbers and IP addresses—to mask true ownership. Shell companies and nominee owners are commonly used to obscure control and create additional layers of separation between the bad actors and the fraudulent operations.

5. Automated Claim Submission and Laundering

Once operational, these entities leverage automated billing software to submit large volumes of false claims. The fraudulent proceeds are then laundered through layered financial accounts, often spanning multiple countries. In some cases, AI-generated documentation or spoofed electronic health record (EHR) data is used to validate these claims, adding yet another layer of deception.

Red Flags and Prevention Strategies

For fraud prevention professionals, dormant provider takeovers present a unique and evolving challenge. These entities often appear legitimate on paper and may not raise immediate red flags. However, several indicators can help identify potential fraud:

● Sudden Billing Spikes: Unexplained increases in claim volume or payment amounts from previously inactive providers.

● Ownership Changes: Frequent or recent ownership transfers, especially when tied to shell companies.

● Cross-Entity Linkages: Shared infrastructure (e.g., addresses, phone numbers, or IPs) between multiple provider entities.

● Credentialing Gaps: Lack of up-to-date credentials or failure to complete re-credentialing and site visits upon reactivation.
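The "Sudden Billing Spikes" indicator can be expressed as a simple rule over monthly claim counts. The sketch below is an added example, not code from the author or from Zelis; the provider IDs, claim volumes, 12-month dormancy window and 5x spike ratio are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data: (provider_id, billing_month, claim_count).
# Months with no claims are simply absent, as they would be in a claims extract.
CLAIMS = [
    ("PRV-A", date(2023, 1, 1), 40), ("PRV-A", date(2023, 2, 1), 35),
    ("PRV-A", date(2025, 3, 1), 900), ("PRV-A", date(2025, 4, 1), 1400),
    ("PRV-B", date(2024, 12, 1), 55), ("PRV-B", date(2025, 1, 1), 60),
    ("PRV-B", date(2025, 2, 1), 58), ("PRV-B", date(2025, 3, 1), 61),
    ("PRV-C", date(2022, 6, 1), 20), ("PRV-C", date(2025, 4, 1), 18),
]

def months_between(a, b):
    return (b.year - a.year) * 12 + (b.month - a.month)

def flag_reactivation_spikes(claims, dormant_months=12, spike_ratio=5.0):
    """Flag providers that resume billing after >= dormant_months of silence
    at more than spike_ratio times their pre-dormancy monthly average.
    Both thresholds are assumptions to tune against real payer data."""
    history = defaultdict(list)
    for pid, month, count in claims:
        history[pid].append((month, count))
    flagged = {}
    for pid, rows in history.items():
        rows.sort()
        for i in range(1, len(rows)):
            gap = months_between(rows[i - 1][0], rows[i][0])
            if gap < dormant_months:
                continue  # continuous billing, not a reactivation
            baseline = sum(c for _, c in rows[:i]) / i   # average before the gap
            peak = max(c for _, c in rows[i:])           # busiest month after it
            if peak > spike_ratio * baseline:
                flagged[pid] = {"gap_months": gap, "baseline": baseline, "peak": peak}
    return flagged

if __name__ == "__main__":
    for pid, detail in flag_reactivation_spikes(CLAIMS).items():
        print(pid, detail)
```

PRV-C also comes back from a long gap but bills at its old volume, so it is not flagged by this rule; a reactivation like that is better routed to the credentialing and site-visit checks.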

Leveraging Technology for Defense

Just as fraudsters exploit digital tools to orchestrate these schemes, fraud prevention teams must apply advanced technology to detect and disrupt them. Key strategies include:

● AI-Powered Behavioral Monitoring: Use machine learning to detect anomalies in provider behavior and billing patterns.

● Graph Analytics: Visualize and analyze relationships between providers, owners, financial accounts and associated entities.

● Digital Forensics: Identify reused website templates, domain registration inconsistencies and suspicious digital footprints.

● Enhanced Identity Verification: Require in-person or video-based identity validation for reactivating dormant businesses to ensure legitimacy.
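The graph analytics strategy above, applied to the cross-entity linkage red flag: the added example below (not the author's or any vendor's code) groups providers into clusters when they share an address, phone number or IP, including indirect links through a third entity. The enrollment records, field names and the `linked_clusters` helper are constructed assumptions.

```python
from collections import defaultdict

# Constructed enrollment records; every value is made up for illustration
# (documentation IP ranges and 555 phone numbers).
PROVIDERS = {
    "PRV-A": {"address": "100 Main St Ste 4", "phone": "555-0101", "ip": "192.0.2.10"},
    "PRV-D": {"address": "100 main st ste 4", "phone": "555-0144", "ip": "198.51.100.7"},
    "PRV-E": {"address": "9 Oak Ave", "phone": "555-0144", "ip": "203.0.113.5"},
    "PRV-B": {"address": "77 Elm Rd", "phone": "555-0199", "ip": "192.0.2.55"},
}

def linked_clusters(providers, min_size=2):
    """Return [(member_ids, shared_attributes)] for groups of providers
    connected, directly or transitively, by a shared attribute value."""
    parent = {pid: pid for pid in providers}

    def find(x):  # union-find root lookup with path compression
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}            # (field, normalized value) -> first provider using it
    shared = defaultdict(set)  # (field, normalized value) -> providers sharing it
    for pid, attrs in providers.items():
        for field, value in attrs.items():
            key = (field, value.strip().lower())
            if key in first_seen:
                parent[find(pid)] = find(first_seen[key])
                shared[key].update({pid, first_seen[key]})
            else:
                first_seen[key] = pid

    groups = defaultdict(set)
    for pid in providers:
        groups[find(pid)].add(pid)
    result = []
    for members in groups.values():
        if len(members) >= min_size:
            links = sorted(f"{f}={v}" for (f, v), ps in shared.items() if ps <= members)
            result.append((sorted(members), links))
    return sorted(result)

if __name__ == "__main__":
    for members, links in linked_clusters(PROVIDERS):
        print(members, "linked by", links)
```

PRV-A and PRV-E share nothing directly, yet they land in one cluster because PRV-D shares an address with one and a phone number with the other, which is the kind of layering that pairwise comparison misses.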

A Call to Action

The Department of Justice’s recent National Health Care Fraud Takedown, which charged 324 individuals in connection with $14.6 billion in healthcare fraud, included multiple cases of dormant provider takeovers and highlights the scale and sophistication of these schemes. As bad actors grow more agile and tech-savvy, the responsibility falls on fraud prevention professionals to stay ahead. This requires more than just investing in advanced analytics and investigative tools; it demands a culture of vigilance and cross-functional collaboration.

The dormant provider takeover scheme is a stark reminder that fraud is no longer operating on the margins. It is embedded within the infrastructure. Unless we adapt our defenses accordingly, the cost will be measured not just in dollars, but in trust.
