News from NAMD: Fraudulent Scheme Detected in Several States

Fraudulent EFT Transfer Scheme Traced to Overseas Scammers

The National Association of Medicaid Directors (NAMD) has learned of a fraud email scheme that has potentially impacted several states over the past few days. The scheme, which is being investigated by the Federal Bureau of Investigation, was perpetrated by a sophisticated overseas group which utilized fraudulent emails seeking changes to electronic funds transfers (EFT) to redirect funds to an institutional provider.

The U.S. Department of Health and Human Services Office of the Inspector General issued a notice on this specific scheme and produced a report on this type of fraud scheme. Per the notice, there are some reports that private sector payers have also been targeted but so far there are no known losses associated with commercial insurers. HHS/OIG advises independent verification of authenticity for requested EFT changes and to rely on known contact information rather than information contained within EFT change requests.

NCTracks Security Reminders

North Carolina takes the security of provider payments and data very seriously. To safeguard against these types of fraudulent schemes, NCTracks has implemented multiple layers of enhanced security measures for EFT and Office Administrator (OA) change requests.

Providers are reminded that all EFT and OA change requests submitted to NCTracks must go through a verification process to ensure authenticity. These security enhancements were detailed in our 2022 announcement on Enhanced Security for OA and EFT Change Requests, available here.

Additionally, NCTracks is in the process of rolling out Multi-Factor Authentication (MFA) for all users, further strengthening access control and system security. More information on this requirement is available in the 2025 MFA announcement, located here.

Providers are encouraged to remain vigilant and confirm all change requests through known contacts.