Medical mill fraud in insurance is not a bad claim - it is a fraudulent business operating as a provider network across auto no-fault/PIP and workers' compensation lines. A mill stages or exaggerates an injury, runs the claimant through a templated treatment protocol, and bills the carrier for care that was unnecessary, upcoded, or never delivered. The same clinic does it hundreds or thousands of times. That structure is exactly what defeats per-claim review: you can win a single claim and still lose the network, because the provider keeps billing while your investigator is buried in the one case.
A medical mill lives in the linkage across claims - the same provider, address, protocol, runner, and attorney recurring across a book of business - not in the anomalies inside any one claim. A single-claim SIU workflow, run 14+ days at a time against a 200+ case backlog, structurally cannot see the network. It samples roughly a quarter of flagged claims and works them one node at a time, while the mill's other claims are paid or queued.
This guide covers what a mill actually is, where the dollars concentrate, the red flags that identify one, what real enforcement looks like, why manual SIU struggles, where AI investigation changes the coverage math, and the regulatory and prosecution paths. It is part of Pillar 2 on fraud typologies - see the insurance fraud detection fundamentals guide for the wider layered model. The fabricated-record and inflated-billing mechanics inside a mill are covered in depth in medical record fraud in insurance claims.
What a medical mill is
A medical mill is a clinic or provider network engineered to generate billable treatment rather than to treat patients. The Insurance Information Institute describes them as criminal groups that create phony clinics filing fraudulent auto insurance medical claims in states with generous benefits, staffed by dishonest doctors and clinics that bill for unnecessary and expensive procedures. The defining trait is direction of causation: treatment is driven by what can be billed, not by what a diagnosis requires.
That distinction matters because it separates a mill from opportunistic claim padding. Padding is one claimant inflating one claim. A mill is an organized operation with a supply chain, which is why regulators and prosecutors increasingly treat it as organized crime. The New York State Department of Financial Services, in its 2024 health-insurance-fraud annual report, lists the mill mechanics as its own named types of healthcare fraud: billing for services never rendered, upcoding, unbundling, medically unnecessary treatment and diagnostics, misrepresenting non-covered services as covered, filing no-fault claims for nonexistent injuries, and accepting kickbacks for patient referrals.
The end-to-end flow
A mill runs as a pipeline with money entering and exiting at defined points. Understanding the flow is what lets an investigator see why single-claim review misses it - each stage is designed to look ordinary in isolation.
- Recruitment. Runners or cappers recruit claimants, often from staged or exaggerated accidents, and are paid per body delivered to the clinic. Some rings bribe hospital or dispatch sources to feed accident victims directly.
- Injury generation. The claimant arrives from a staged crash, an exaggerated real accident, or a fabricated workplace injury, so there is a plausible loss event on file.
- Templated treatment. The clinic applies a predetermined protocol - the same referral, imaging, procedure, and follow-up regardless of the actual injury - because the sequence exists to justify bills, not to match a diagnosis.
- Billing. The provider upcodes, unbundles, or invoices for phantom treatment, converting the templated protocol into inflated claims to the no-fault, PIP, or workers' comp carrier.
- Kickback flows. Money cycles back out to recruiters, referring attorneys, and litigation-funding companies, and in illegally structured mills up to non-physician owners who secretly control the physician-fronted corporation.
You can win the claim and still lose the network. A medical mill runs as a graph: runners feed staged or exaggerated injuries into a clinic that applies one templated protocol, bills the no-fault or workers' comp carrier, and cycles kickbacks to recruiters, attorneys, and hidden owners - across hundreds of linked claims an SIU works one at a time.
The scale: where mill fraud concentrates
Medical mill fraud concentrates in the auto no-fault/PIP and workers' compensation lines, and in the handful of no-fault states where generous statutory benefits make the scheme profitable. The line-level dollars are large: US insurance fraud runs an estimated $308 billion a year, and mills sit inside the property-casualty, workers' comp, and auto shares of that total.
Per the Insurance Information Institute, citing the Coalition Against Insurance Fraud, total US insurance fraud is roughly $308.6 billion annually, including about $45 billion in property-casualty and $34 billion in workers' compensation, with auto insurance fraud running at least $29 billion a year per a Verisk study. Fraud is present in roughly 10% of P&C claims. The no-fault states where mills cluster - Florida, Michigan, New Jersey, New York, Pennsylvania, and other PIP jurisdictions - are where those dollars pool, because PIP pays medical bills regardless of fault and with limited pre-payment scrutiny.
New York is the clearest window because its regulator publishes the numbers. The DFS Insurance Frauds Bureau received 41,686 suspected healthcare fraud reports in 2024, and 38,846 of those - 93% - were no-fault reports. Healthcare fraud made up roughly 80% of all fraud reports the bureau received that year. No-fault reporting has climbed every year, from 19,153 in 2020 to 38,846 in 2024, a 15.5% jump in the last year alone. That trend line is the mill economy scaling, not a reporting artifact.
NY no-fault fraud reports to DFS, 2020-2024 (NY DFS 2024 health fraud report, Fig. 1)
The staged crash is usually the front end of this pipeline, which is why the no-fault mill and the accident ring are the same problem viewed from two ends. For the front-end mechanics - swoop-and-squat setups, seat-switching, and runner recruitment - see auto insurance fraud investigation and staged accidents and fraud rings. The same networks also target workers' comp through provider collusion in workers' comp, where a firm documents a fabricated workplace injury and a colluding clinic performs unnecessary treatment.
Red flags: how a mill shows up in the data
A medical mill shows up as patterns across claims, not as a signal inside a single claim - which is precisely why single-claim review misses it. Any one indicator is weak on its own. The mill signature is the correlation: the same address, protocol, ownership structure, or runner recurring across a provider's book, visible only when claims are linked and examined together.
The catalog also explains why naive rules alone are not enough. Rules-based fraud scoring on a single claim produces a 60-85% false-positive rate, because most of these flags are individually ambiguous - one clinic at a shared address is common; thirty at one address is a mill. Confirming the signature requires linking claims and investigating the network, not raising a flag on each claim in isolation. Detection surfaces the cluster; the confirmation is investigation work.
The unit of analysis is the network, not the claim
This is the distinction that governs everything downstream. A single claim can look clean and still be a node in a mill. The fraud is a property of the graph - the provider, address, claimant, attorney, and billing pattern linked across many claims - so the right unit of investigation is the provider network. An SIU that reviews one flagged claim at a time is examining one node of a graph it cannot see. That is not a diligence failure; it is a structural mismatch between how mills are built and how manual investigation is scoped.
Enforcement: what real mill takedowns look like
Medical mills are prosecuted as organized crime - increasingly under RICO, with multi-year prison sentences on the criminal side and treble-damage civil suits on the insurer side. The cases below are all no-fault or PIP mills, and each turns on the same network mechanics: templated treatment, hidden ownership, kickbacks, and claims linked across a provider's book.
The largest recent civil action is American Transit Insurance Company's RICO suit. Per Insurance Journal, the New York taxi insurer sued more than 180 ambulatory surgery centers and healthcare entities across New York and New Jersey, seeking over $450 million in trebled damages for more than $400 million billed under what the complaint calls a predetermined fraudulent protocol: standard clinic to orthopedic or pain referral to unnecessary surgery at an ASC and back to the same clinic post-op. The network touched more than 5,800 covered persons, and American Transit estimated in the filing that 60-70% of its 250,000-plus annual claims were fraudulent - the carrier's own estimate in a legal filing, not an industry-wide figure.
On the criminal side, the US Attorney for the Southern District of New York obtained sentences of 15, 12, and 7 years against Peter Khaimov, Alexander Gulkarov, and Roman Israilov for a $40 million no-fault fraud run from 2014 to 2021 through sham medical clinics and pharmacies falsely represented as physician-owned, per the DOJ SDNY announcement. The convictions turned partly on providers lying under oath at Examinations Under Oath about who really owned and controlled the clinics - a reminder that the EUO is a central evidentiary tool against hidden-ownership mills.
Mills scale down as well as up. In a Florida PIP case investigated by the state Department of Financial Services and reported by Insurance Journal, four defendants staged an accident, visited a physical-therapy clinic where a therapist supplied blank therapy forms, and signed for treatments never received - about $37,000 billed and roughly $10,000 paid in PIP by the carrier. Same signature, smaller scale: the blank form is phantom treatment made portable. Across all these, New York's DFS bureau opened 71 healthcare fraud investigations and made 42 arrests in 2024.
Why manual SIU struggles with mills
Manual SIU struggles with medical mills because the fraud lives in cross-claim linkage while manual capacity forces per-claim triage. With investigators carrying 200+ cases and each investigation running 14+ days, most US carriers fully investigate only about 25% of flagged claims. Against a mill, that means an SIU can win one claim while the same provider keeps billing hundreds more that are paid or sit in the queue.
Work the arithmetic the way a claims leader would. A single mill provider in an American-Transit-scale network touches thousands of covered persons. At 200+ cases per investigator and roughly 10 completed investigations per investigator per month, an SIU has capacity to fully work only a fraction of the flags that one provider generates. Investigating one linked claim at 25% coverage leaves the other three-quarters of the network's claims paid or queued. You can win the node and lose the graph - and the graph is where the loss-cost concentration is.
There is also a linkage ceiling independent of headcount. A human investigator can hold a handful of claims in working memory at once, but a provider-network graph spans thousands of claims, addresses, claimants, and attorneys. Detection tools - Verisk ClaimSearch cross-carrier matching, BAE Systems NetReveal network analysis - are genuinely good at surfacing that cluster: the same provider or address appearing across carriers is exactly what contributory-data matching catches. But surfacing the cluster is not investigating it. The per-claim workflow that turns a flagged cluster into defensible findings still runs manually, one node at a time.
Where AI investigation changes the math
AI investigation changes the medical mill math by decoupling coverage from headcount: detection surfaces the provider cluster, and autonomous investigation then resolves every claim in it rather than the 25% an SIU has capacity for. That single shift - flagged-claim coverage from about 25% to 100% - is what makes the network, not just one node, investigable. Detection is upstream; investigation is downstream.
Hesper AI runs 15+ investigation phases in parallel on each flagged claim - link analysis across claims, provider-network graphing, billing and CPT anomaly detection, statement and EUO cross-reference, timeline reconstruction - and completes a case in 2-4 hours rather than 14+ days, at roughly $150 per case versus about $2,500 manually. Throughput moves from around 10 investigations per investigator per month to 800+. Because every flagged claim in a provider's book can be worked, the correlation across claims - the mill signature itself - becomes visible as investigation output, not as a hunch a human runs out of time to confirm.
The positioning here is precise, and it survives the copy-paste test. Hesper is not a detection or link-analysis replacement. Verisk ClaimSearch and BAE NetReveal surface the cluster; Hesper investigates each claim inside it end to end. It is complementary to FRISS, Shift Technology, and Verisk, not a replacement, and it can also run standalone. The open gap it fills is the one no detection vendor closes: moving from this provider cluster looks like a mill to here are audit-ready findings on all 400 linked claims. That closure is the investigation layer - from fraud detection to fraud resolution.
For a compliance officer, the defensibility property is the point. Every phase Hesper runs is logged with its sources, reasoning, and timestamps, so each finding is produced as an audit-trail-native record. Against a mill, that matters because the case will be tested at an EUO, in a SAR, or in a state-DOI review, and the evidence has to be reconstructable across the whole network. Uniform 15+-phase investigation on every flagged claim is also more consistent than selective manual investigation of a quarter of flags - consistency that is itself a control when the findings are challenged.
Regulatory and prosecution pathways
Medical mills are prosecuted through three converging pathways: state insurance-fraud bureaus, no-fault and workers' comp statutes, and increasingly RICO - used both criminally by prosecutors and civilly by insurers seeking treble damages. The investigation that feeds all three treats the provider network as the unit of proof, because the relational evidence is what holds up.
State fraud bureaus supply the front-line enforcement structure. In New York, insurer SIUs operate under mandatory-reporting and fraud-prevention-plan obligations, and the DFS Insurance Frauds Bureau - which coordinated 54 insurer SIUs in the state in 2024 - opened 71 healthcare fraud investigations and made 42 arrests that year. No-fault statutes add leverage the mill cannot easily escape: physician-fronted corporations secretly controlled by non-medical owners are illegal on their face, which is why hidden-ownership testimony at EUOs is such a load-bearing piece of evidence.
RICO is the escalation path when the network is large enough. Criminally, the Khaimov clinics case produced 15, 12, and 7-year sentences on a $40 million no-fault scheme. Civilly, American Transit's $450 million-plus suit against 180-plus defendants shows carriers using RICO to pursue trebled recovery against an entire mill at once rather than clawing back one claim at a time. The National Health Care Anti-Fraud Association, cited in the DFS report, puts total US healthcare fraud somewhere between $30 billion and $300 billion a year - a wide band that reflects how much of the mill economy never surfaces. Closing that gap is a coverage problem before it is a prosecution problem: you cannot prosecute the network you never fully investigated.
Key takeaways
- A medical mill is a fraudulent provider network, not a single bad claim - it stages or exaggerates injuries, applies a templated treatment protocol, and bills auto no-fault/PIP and workers' comp carriers at scale, so per-claim review structurally misses it.
- Mill fraud concentrates in no-fault states and lines: New York's DFS received 38,846 suspected no-fault fraud reports in 2024, 93% of all healthcare fraud reports, up 15.5% year over year and roughly double the 2020 level.
- The mill signature is a pattern across claims - shared addresses, physician-fronted corporations with hidden owners, identical protocols, upcoding, and recurring runners and attorneys - not an anomaly inside any one claim, so link analysis across a provider network matters more than deep review of one claim.
- Mills are prosecuted as organized crime under RICO: the Khaimov clinics case produced 15, 12, and 7-year sentences on a $40 million scheme, and American Transit's civil RICO suit sought $450 million-plus in trebled damages against 180-plus defendants.
- Manual SIU fully investigates only about 25% of flagged claims at 14+ days each, so it wins one node while the network keeps billing; AI investigation runs 15+ phases in parallel in 2-4 hours per claim, lifting coverage to 100% and making the whole network - not just one node - investigable, downstream of and complementary to FRISS, Shift Technology, and Verisk.