How Ordinary Providers Get Recruited into Criminal Networks

In June 2025, the Department of Justice announced the largest healthcare fraud takedown in its history: 324 defendants charged, $14.6 billion in alleged losses, and 96 licensed medical professionals caught in the net. Doctors. Nurse practitioners. Pharmacists. People who, at some point, passed their boards, took an oath, and built a career around caring for patients.

So how does a licensed chiropractor end up in a RICO indictment? How does a pharmacist go from filling prescriptions to facing federal drug trafficking charges? The answer rarely starts with a criminal mastermind. More often, it starts with a pitch.

Step One: It Looks Like a Business Opportunity

Fraud rings don’t advertise themselves as fraud rings. They advertise themselves the way any legitimate business would, with the promise of growth, efficiency, and revenue supposedly being left on the table.

The pitch varies depending on the target. A struggling chiropractor might get a call from a “marketing consultant” guaranteeing a steady stream of auto injury patients. A physician dealing with declining reimbursements might be approached by a telemedicine platform offering to handle billing and compliance while providing supplemental income for remotely reviewing charts. A pharmacy owner facing thin margins might be connected with a wholesaler promising lucrative prescription volume.

The framing is almost always the same: a practice is underbilling, help is available, and someone else will handle the complicated parts.

This matters for investigators because the early stages of recruitment look nothing like fraud from the inside. Providers often genuinely believe they are entering a legitimate business arrangement, at least initially. Understanding that arc changes what investigators should be looking for, and when.

Step Two: The Infrastructure Forms Fast

Once a provider agrees, the operation moves quickly. Entities are created or purchased. The provider is enrolled with insurers or federal programs under the new arrangement. Billing platforms are activated. And leads start flowing.

In telemedicine schemes, the workflow is particularly streamlined and deceptive. Telemarketing companies recruit Medicare beneficiaries by offering “free” back braces, genetic tests, or knee supports. Patient information is collected and forwarded to the telemedicine platform. Pre-populated orders appear in the provider’s queue, diagnosis codes already filled in, and the provider’s job is simply to sign.

Example:

Steven Richardson, a Massachusetts man accused of orchestrating a $110 million Medicare fraud scheme, allegedly built his operation around fraudulent durable medical equipment (DME) orders. According to prosecutors, Richardson and his associates used medical staffing companies to recruit doctors and nurses willing to sign pre-populated orders for braces and other medical equipment without ever speaking to or examining the patients listed on the forms. Those signed orders were then sold to DME suppliers that used them to bill Medicare for equipment patients often did not need, and in some cases never even received. Prosecutors alleged that batches of signed orders connected to more than 100 Medicare beneficiaries could sell for as much as $7,000, turning physician signatures into a highly profitable commodity within the scheme.

From the provider’s perspective, arrangements like this can initially look like a streamlined way to handle paperwork or generate additional revenue. But legally, the situation is far more serious. The U.S. Department of Health and Human Services Office of Inspector General has made clear that paying physicians based on the number of orders they sign can violate the federal Anti-Kickback Statute, especially when those orders are tied to profit rather than legitimate patient care.

Step Three: The Financial Hooks Go In

For many providers, financial pressure is the vulnerability that fraud rings exploit. The economics of independent healthcare practice have been deteriorating for years. Physician reimbursement rates have faced repeated proposed cuts, including a proposed reduction of more than 3% for 2024, while labor costs, compliance burdens, and administrative overhead continue to climb.

That pressure creates real susceptibility. A provider seeing fewer patients, carrying practice debt, or watching revenue shrink is more likely to hear a pitch about “maximizing reimbursements” and less likely to scrutinize the arrangement carefully.

The pitch changes depending on who’s being recruited. In pill mill operations, clinic owners are promised steady patient volume in exchange for prescriptions. In auto injury and workers’ compensation schemes, chiropractors and physical therapists are offered a reliable referral pipeline, with the referrals coming from tow truck drivers, attorneys, or “patient coordinators” already embedded in the operation. The provider rarely knows the full picture. They see patients and collect payments while the rest of the operation unfolds behind the scenes.

And once payments start, exit becomes harder. Larger schemes tie participants through shared accounts, shell entities, and revenue agreements structured so that leaving means forfeiting income, or potentially exposing yourself as a participant who now has something to hide.

Step Four: The Provider Becomes the Evidence

By the time a fraud ring is running at scale, the licensed provider is often the most visible component of the operation and the one leaving the most traceable trail.

Claims run through the provider’s NPI (National Provider Identifier). Orders carry the provider’s signature. The billing all flows under the provider’s credentials. The organized criminal who set up the operation, recruited the marketers, and funneled proceeds offshore may be nearly invisible in the claims data. The provider who signed 400 pre-populated orders in a month is not.

This is exactly what investigators found in Operation Gold Rush, where a Russia-based criminal organization used U.S. DME companies, some with legitimate Medicare billing numbers, to submit over $10 billion in fraudulent claims. The foreign organizers coordinated through encrypted messaging and virtual private servers. The claims, however, ran through providers and entities enrolled in the U.S. system. The paper trail ran one direction; the money ran another.

In the 2025 DOJ Takedown, 29 defendants were tied to transnational criminal networks that collectively submitted more than $12 billion in fraudulent claims. These weren’t domestic practitioners running small schemes. They were sophisticated international operations that used licensed U.S. providers as the mechanism for accessing federal healthcare programs.

What This Means for Investigators

Understanding the recruitment pipeline doesn’t excuse participation in fraud. The Anti-Kickback Statute applies regardless of whether a provider believed the arrangement was legitimate, and per-order compensation is a red flag the OIG has specifically and publicly flagged.

In one documented case, an Ohio physician who accepted $291,000 in kickbacks was ordered to pay $7.2 million in restitution; the kickbacks were a fraction of what the scheme cost Medicare.

But understanding how providers get pulled in changes what patterns look like in your claims:

• Sudden volume spikes from a previously low-billing provider are often the first visible signal that a recruitment event happened, including a provider who joined a new telemedicine platform, signed on with a new billing company, or entered a referral relationship.
• The same telemedicine company appearing across dozens of unrelated claims suggests that company is functioning as a document factory rather than a healthcare platform.
• Early attorney involvement in injury claims, combined with a cluster of the same providers appearing together, is consistent with a coordinated referral pipeline rather than organic treatment decisions.
• Clinical notes that look identical across multiple patients could indicate a pre-populated template workflow.

None of these patterns prove fraud on their own. However, each one is consistent with what recruitment into a fraud ring looks like from the outside and is worth a closer look.

Final Thoughts

The 2025 DOJ Takedown proved that federal enforcement is more aggressive and more data-driven than it has ever been. It also proved that fraud rings are adaptive, sophisticated, and very good at making criminal operations look like business opportunities.

The providers charged in those cases represent a range of culpability, from willing participants to people who didn’t fully understand what they’d signed into until it was too late. What they share is that their credentials, their billing numbers, and their signatures became the engine of someone else’s scheme.

When a provider’s behavior changes suddenly, the question isn’t just whether the billing is accurate. It’s whether someone handed them a business card six months ago and told them they were leaving money on the table.

Because somewhere at the end of that thread is usually a much larger operation waiting to be found.

Want to stay ahead of emerging fraud trends and other critical industry issues? Sign up for our upcoming CE courses.

Check out our sources:

Arrangements with Purported Telemedicine Companies.” OIG.hhs.gov, 20 July 2022, oig.hhs.gov/documents/fraud-alerts/912/OIG-SFA-Telemedicine.pdf.

BDO USA. “Healthcare Under Pressure: Financial Risk Factors and Steps for Mitigating Them.” BDO.com, updated 1 Nov. 2024, www.bdo.com/insights/industries/healthcare/healthcare-under-pressure-financial-risk-factors-and-steps-for-mitigating-them.

National Health Care Anti-Fraud Association. “The Challenge of Health Care Fraud.” NHCAA.org, 2019, www.nhcaa.org/tools-insights/about-health-care-fraud/the-challenge-of-health-care-fraud/.

United States, Department of Justice, Office of Public Affairs. “National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud.” Justice.gov, 30 June 2025, www.justice.gov/opa/pr/national-health-care-fraud-takedown-results-324-defendants-charged-connection-over-146.

United States, Department of Justice, U.S. Attorney’s Office, District of Massachusetts. “Owner of Telemedicine Companies Charged with $110 Million Medicare Fraud Scheme.” Justice.gov, 16 Feb. 2024, www.justice.gov/usao-ma/pr/owner-telemedicine-companies-charged-110-million-medicare-fraud-scheme.

United States, Department of Justice, U.S. Attorney’s Office, District of Massachusetts. “Owner of Telemedicine Companies Pleads Guilty to $110 Million Medicare Fraud Scheme.” Justice.gov, 4 Apr. 2024, www.justice.gov/usao-ma/pr/owner-telemedicine-companies-pleads-guilty-110-million-medicare-fraud-scheme.

United States, Government Accountability Office. Medicare: CMS’s Use of Data Analytics to Identify and Prevent Fraud. GAO-26-107799, U.S. GAO, 30 Mar. 2026, www.gao.gov/products/gao-26-107799.