GAO finds fraud persists in Obamacare tax credits, fake enrollees still receiving subsidies

A newly released report from the Government Accountability Office reveals that “fraud risks in the advance premium tax credit (APTC) persist,” despite earlier warnings and reforms. 

The APTC is a “subsidy that the government pays to insurance companies to make premiums more affordable for eligible Americans under the Affordable Care Act.” CMS paid nearly $124 billion in APTC in 2024 alone, covering about 19.5 million enrollees. 

“So far, we've found that fraud risks have persisted since we first reported on this (2014-2016),” read the GAO’s summary of the findings in the report.

“For example, we were able to get subsidized insurance for fake enrollees. We also found some issues with enrollees' Social Security numbers that could indicate identity fraud.  The program's fraud risks were last assessed in 2018, even though the program and its risks have since evolved,” the GAO added.

Fraud Tests with Fake Identities Are Still Getting Approved

As part of its investigation, GAO submitted "fictitious applications" to the federal marketplace for plan years 2024 and 2025. 

“The federal marketplace approved coverage for nearly all of GAO's fictitious applicants in plan years 2024 and 2025, generally consistent with similar GAO testing in plan years 2014 through 2016,” the GAO said.

All four fake applicants in 2024 were approved, and the federal government paid roughly $2,350 per month in premiums for each one. 

For 2025, 18 out of 20 fictitious identities remain actively covered as of September, collectively receiving over $10,000 per month in subsidies. 

These tests demonstrate that fraudulent enrollments with invalid Social Security numbers can still gain approval and receive taxpayer-funded subsidies.

GAO said the current findings are similar to earlier tests that were conducted from 2014–2016.

Data Patterns Show Vulnerabilities

Beyond the undercover tests, GAO’s analysis of enrollment data for plan years 2023 and 2024 uncovered patterns suggesting potential misuse:

• Tens of thousands of Social Security numbers (SSNs) were used to enroll in coverage more than once in a single plan year. Specifically, about 29,000 SSNs in 2023 and nearly 68,000 in 2024 were linked to multiple coverage enrollees under APTC, the GAO found;
• The agency identified at least 30,000 applications in 2023 and roughly 160,000 applications in 2024 that appear to have undergone “unauthorized changes by agents or brokers.” GAO said this could result in loss of access to medications or unexpected expensive bills for consumers. 

For tax year 2023, GAO didn’t find evidence of reconciliation for more than $21 billion in advance payments made which is required on tax filings to determine the amount of premium tax credit for which enrollees were ultimately eligible to receive. 

“Unreconciled APTC may not necessarily represent overpayments, as enrollees who did not reconcile may have been eligible for the subsidy. However, it may include overpayments for enrollees who were not eligible for APTC,” the report said.

GAO Highlights Oversight Failures at CMS

The report also criticizes the oversight efforts of the Centers for Medicare & Medicaid Services (CMS), which is the agency responsible for running the federal marketplace:

CMS conducted its latest fraud-risk assessment for APTC in 2018, despite substantial changes in the program since that time, GAO said. The 2018 assessment didn’t include the development of a comprehensive anti-fraud strategy.

“CMS has not updated its fraud risk assessment since 2018 despite changes in the program and its controls. Further, CMS’s 2018 assessment may not fully align with leading practices, like identifying inherent fraud risks,” GAO reported. 

“Finally, CMS did not use its 2018 assessment to develop an antifraud strategy. Together, these weaknesses appear to hinder CMS’s ability to effectively and proactively manage fraud risks in APTC,” the IRS also said.

GAO said it discussed its “preliminary findings with CMS” and the “agency provided technical comments, which we incorporated as appropriate.”