CMS Pauses Medicaid Redeterminations, $44M Telehealth Fraud Scheme

August 01, 2023 - In healthcare policy news this week, CMS is pausing several state coverage redeterminations in light of procedural challenges that have resulted in millions losing their health insurance. Meanwhile, a Massachusetts-based medical equipment scam occurring between 2018 and 2021 was found to have defrauded Medicare of at least $44 million.

VA Deploys Verizon 5G in Palo Alto

Last week, the Department of Veterans Affairs (VA) deployed Verizon’s 5G network across its Palo Alto Healthcare System to provide advanced capabilities to patients. With advanced connectivity, physicians across the system can now incorporate augmented and virtual reality programs.

“The capabilities and solutions we are deploying are designed to improve patient outcomes dramatically, and in doing so, will revolutionize care for our Veterans and around the world,” Thomas Osborne, MD, executive director for the VA Convergence Center (VC2) at the VA Palo Alto Health Care System, said in a press release. “5G solutions enhance our current capabilities while giving us new opportunities to be forward-thinking with pioneering tools.” READ MORE.

CMS Notifies 612,000 of MOVEit Software’s Breach

According to CMS, a MOVEit Managed File Transfer Software vulnerability was exploited in May, leading to a data leak that affected 612,000 Medicare beneficiaries. Maximus, a third party contracted by CMS, noticed the breach after detecting unusual activity with files.

“Maximus notified CMS of the incident on June 2, 2023. To date, the ongoing investigation indicates that on approximately May 27 through 31, 2023, the unauthorized party obtained copies of files saved in the Maximus MOVEit application, but that no CMS system has been compromised,” a notice to impacted individuals stated. READ MORE.

CISA Releases Cybersecurity Advisory on IDOR Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) warned its partners and third parties late last week about insecure direct object reference vulnerabilities in web applications. The joint advisory issued by CISA, the National Security Agency, and the Australian Signals Directorate’s Australian Cyber Security Center identified four types of vulnerabilities that threat actors could exploit. Additionally, the advisory provided a list of detailed mitigation actions that should be taken to avoid a breach. READ MORE.

Telehealth Firm Founder Faces $44 Million Lawsuit

The owner of Conclave Media and Nationwide Health Advocates pleaded guilty to a $44 million telehealth fraud scheme last month. David Santana, the owner of both companies, was charged with one conspiracy to commit fraud after his role in the scheme was revealed. According to a Department of Justice brief, his firms received payment from telemarketers, which they used to order durable medical equipment (DME) for beneficiaries. Records showed that healthcare providers never examined beneficiaries before orders were placed for DME and that the devices were medically unnecessary. READ MORE.

CMS Pauses Medicaid Redetermination in Multiple States

CMS is pausing Medicare redeterminations in at least 12 states after millions lost coverage due to procedural reasons. According to Deputy Administrator of the Center for Medicaid and CHIP Services Dan Tsai, members lost their health insurance due to a lack of awareness, wrong addresses, and beneficiaries not receiving a Medicaid renewal form. Currently, CMS is in talks with additional states about Medicaid issues that may require redetermination pauses. READ MORE.