Hesper AI
BlogGuides
GuidesJuly 15, 2026·13 min read·Pankaj Dhariwal

Medical mill fraud in insurance: detection, investigation, and prosecution

Medical mill fraud in insurance is a provider network, not a single bad claim - so per-claim SIU review misses it. How mills work, where they concentrate, the red flags, enforcement, and where AI investigation closes the coverage gap.

PD
Pankaj Dhariwal · CEO and Co-founder
July 15, 2026·13 min read
38,846
NY no-fault fraud reports in 2024
93% of all healthcare fraud reports to DFS (NY DFS 2024 report)
$450M+
American Transit RICO demand
Trebled, vs 180+ defendants for $400M+ billed (Insurance Journal)
25% → 100%
Flagged-claim coverage
Manual SIU vs Hesper across a provider network (Hesper benchmark)
14+ days → 2-4 hrs
Investigation time per claim
Manual SIU vs Hesper (Hesper benchmark)

Medical mill fraud in insurance is not a bad claim - it is a fraudulent business operating as a provider network across auto no-fault/PIP and workers' compensation lines. A mill stages or exaggerates an injury, runs the claimant through a templated treatment protocol, and bills the carrier for care that was unnecessary, upcoded, or never delivered. The same clinic does it hundreds or thousands of times. That structure is exactly what defeats per-claim review: you can win a single claim and still lose the network, because the provider keeps billing while your investigator is buried in the one case.

A medical mill lives in the linkage across claims - the same provider, address, protocol, runner, and attorney recurring across a book of business - not in the anomalies inside any one claim. A single-claim SIU workflow, run 14+ days at a time against a 200+ case backlog, structurally cannot see the network. It samples roughly a quarter of flagged claims and works them one node at a time, while the mill's other claims are paid or queued.

This guide covers what a mill actually is, where the dollars concentrate, the red flags that identify one, what real enforcement looks like, why manual SIU struggles, where AI investigation changes the coverage math, and the regulatory and prosecution paths. It is part of Pillar 2 on fraud typologies - see the insurance fraud detection fundamentals guide for the wider layered model. The fabricated-record and inflated-billing mechanics inside a mill are covered in depth in medical record fraud in insurance claims.

What a medical mill is

A medical mill is a clinic or provider network engineered to generate billable treatment rather than to treat patients. The Insurance Information Institute describes them as criminal groups that create phony clinics filing fraudulent auto insurance medical claims in states with generous benefits, staffed by dishonest doctors and clinics that bill for unnecessary and expensive procedures. The defining trait is direction of causation: treatment is driven by what can be billed, not by what a diagnosis requires.

That distinction matters because it separates a mill from opportunistic claim padding. Padding is one claimant inflating one claim. A mill is an organized operation with a supply chain, which is why regulators and prosecutors increasingly treat it as organized crime. The New York State Department of Financial Services, in its 2024 health-insurance-fraud annual report, lists the mill mechanics as its own named types of healthcare fraud: billing for services never rendered, upcoding, unbundling, medically unnecessary treatment and diagnostics, misrepresenting non-covered services as covered, filing no-fault claims for nonexistent injuries, and accepting kickbacks for patient referrals.

The end-to-end flow

A mill runs as a pipeline with money entering and exiting at defined points. Understanding the flow is what lets an investigator see why single-claim review misses it - each stage is designed to look ordinary in isolation.

  1. Recruitment. Runners or cappers recruit claimants, often from staged or exaggerated accidents, and are paid per body delivered to the clinic. Some rings bribe hospital or dispatch sources to feed accident victims directly.
  2. Injury generation. The claimant arrives from a staged crash, an exaggerated real accident, or a fabricated workplace injury, so there is a plausible loss event on file.
  3. Templated treatment. The clinic applies a predetermined protocol - the same referral, imaging, procedure, and follow-up regardless of the actual injury - because the sequence exists to justify bills, not to match a diagnosis.
  4. Billing. The provider upcodes, unbundles, or invoices for phantom treatment, converting the templated protocol into inflated claims to the no-fault, PIP, or workers' comp carrier.
  5. Kickback flows. Money cycles back out to recruiters, referring attorneys, and litigation-funding companies, and in illegally structured mills up to non-physician owners who secretly control the physician-fronted corporation.

You can win the claim and still lose the network. A medical mill runs as a graph: runners feed staged or exaggerated injuries into a clinic that applies one templated protocol, bills the no-fault or workers' comp carrier, and cycles kickbacks to recruiters, attorneys, and hidden owners - across hundreds of linked claims an SIU works one at a time.

The scale: where mill fraud concentrates

Medical mill fraud concentrates in the auto no-fault/PIP and workers' compensation lines, and in the handful of no-fault states where generous statutory benefits make the scheme profitable. The line-level dollars are large: US insurance fraud runs an estimated $308 billion a year, and mills sit inside the property-casualty, workers' comp, and auto shares of that total.

Per the Insurance Information Institute, citing the Coalition Against Insurance Fraud, total US insurance fraud is roughly $308.6 billion annually, including about $45 billion in property-casualty and $34 billion in workers' compensation, with auto insurance fraud running at least $29 billion a year per a Verisk study. Fraud is present in roughly 10% of P&C claims. The no-fault states where mills cluster - Florida, Michigan, New Jersey, New York, Pennsylvania, and other PIP jurisdictions - are where those dollars pool, because PIP pays medical bills regardless of fault and with limited pre-payment scrutiny.

New York is the clearest window because its regulator publishes the numbers. The DFS Insurance Frauds Bureau received 41,686 suspected healthcare fraud reports in 2024, and 38,846 of those - 93% - were no-fault reports. Healthcare fraud made up roughly 80% of all fraud reports the bureau received that year. No-fault reporting has climbed every year, from 19,153 in 2020 to 38,846 in 2024, a 15.5% jump in the last year alone. That trend line is the mill economy scaling, not a reporting artifact.

NY no-fault fraud reports to DFS, 2020-2024 (NY DFS 2024 health fraud report, Fig. 1)

202019,153
202123,279
202228,145
202333,646
202438,846

The staged crash is usually the front end of this pipeline, which is why the no-fault mill and the accident ring are the same problem viewed from two ends. For the front-end mechanics - swoop-and-squat setups, seat-switching, and runner recruitment - see auto insurance fraud investigation and staged accidents and fraud rings. The same networks also target workers' comp through provider collusion in workers' comp, where a firm documents a fabricated workplace injury and a colluding clinic performs unnecessary treatment.

Red flags: how a mill shows up in the data

A medical mill shows up as patterns across claims, not as a signal inside a single claim - which is precisely why single-claim review misses it. Any one indicator is weak on its own. The mill signature is the correlation: the same address, protocol, ownership structure, or runner recurring across a provider's book, visible only when claims are linked and examined together.

CategoryRed flagWhy it signals a mill
Provider clusteringMultiple practices sharing one address, phone, or billing agentMills spin up multiple corporate shells at a single site - in one NY case, over 30 medical practices operated from a single Brooklyn address
OwnershipPhysician-fronted corporations controlled by non-medical ownersIllegal under most state no-fault statutes; the structure in the Petrosyants and Khaimov cases
Treatment templatingIdentical protocol across unrelated patients - same referral, procedure, and post-opThe American Transit predetermined fraudulent protocol: treatment driven by billing, not diagnosis
Billing patternsUpcoding, unbundling, high-cost CPT clusters, phantom treatmentNY DFS-named mechanics; bills for services never rendered or more expensive than provided
Patient overlapSame claimants, attorneys, or runners recurring across a provider's bookRunner and capper networks feed the same clinics; shared claimant and attorney graphs
Referral / kickback flowPayments to recruiters, funding-company advances, attorney referralsKickbacks for patient referrals and laundered funding-company advances
Injury inconsistencyDamage or injury inconsistent with the reported accidentVehicle damage that cannot produce the alleged injuries points to a staged or exaggerated loss

The catalog also explains why naive rules alone are not enough. Rules-based fraud scoring on a single claim produces a 60-85% false-positive rate, because most of these flags are individually ambiguous - one clinic at a shared address is common; thirty at one address is a mill. Confirming the signature requires linking claims and investigating the network, not raising a flag on each claim in isolation. Detection surfaces the cluster; the confirmation is investigation work.

The unit of analysis is the network, not the claim

This is the distinction that governs everything downstream. A single claim can look clean and still be a node in a mill. The fraud is a property of the graph - the provider, address, claimant, attorney, and billing pattern linked across many claims - so the right unit of investigation is the provider network. An SIU that reviews one flagged claim at a time is examining one node of a graph it cannot see. That is not a diligence failure; it is a structural mismatch between how mills are built and how manual investigation is scoped.

Enforcement: what real mill takedowns look like

Medical mills are prosecuted as organized crime - increasingly under RICO, with multi-year prison sentences on the criminal side and treble-damage civil suits on the insurer side. The cases below are all no-fault or PIP mills, and each turns on the same network mechanics: templated treatment, hidden ownership, kickbacks, and claims linked across a provider's book.

The largest recent civil action is American Transit Insurance Company's RICO suit. Per Insurance Journal, the New York taxi insurer sued more than 180 ambulatory surgery centers and healthcare entities across New York and New Jersey, seeking over $450 million in trebled damages for more than $400 million billed under what the complaint calls a predetermined fraudulent protocol: standard clinic to orthopedic or pain referral to unnecessary surgery at an ASC and back to the same clinic post-op. The network touched more than 5,800 covered persons, and American Transit estimated in the filing that 60-70% of its 250,000-plus annual claims were fraudulent - the carrier's own estimate in a legal filing, not an industry-wide figure.

On the criminal side, the US Attorney for the Southern District of New York obtained sentences of 15, 12, and 7 years against Peter Khaimov, Alexander Gulkarov, and Roman Israilov for a $40 million no-fault fraud run from 2014 to 2021 through sham medical clinics and pharmacies falsely represented as physician-owned, per the DOJ SDNY announcement. The convictions turned partly on providers lying under oath at Examinations Under Oath about who really owned and controlled the clinics - a reminder that the EUO is a central evidentiary tool against hidden-ownership mills.

Mills scale down as well as up. In a Florida PIP case investigated by the state Department of Financial Services and reported by Insurance Journal, four defendants staged an accident, visited a physical-therapy clinic where a therapist supplied blank therapy forms, and signed for treatments never received - about $37,000 billed and roughly $10,000 paid in PIP by the carrier. Same signature, smaller scale: the blank form is phantom treatment made portable. Across all these, New York's DFS bureau opened 71 healthcare fraud investigations and made 42 arrests in 2024.

The through-line in every mill prosecution is that the evidence is relational. The case is not made on one claim - it is made on the provider linked to a protocol linked to an ownership structure linked to a payment flow across hundreds of claims. That is why the investigative work that survives an EUO or a RICO complaint is graph work, and why coverage of the whole network, not depth on one claim, is what turns a flag into a case.

Hesper AI product research

Why manual SIU struggles with mills

Manual SIU struggles with medical mills because the fraud lives in cross-claim linkage while manual capacity forces per-claim triage. With investigators carrying 200+ cases and each investigation running 14+ days, most US carriers fully investigate only about 25% of flagged claims. Against a mill, that means an SIU can win one claim while the same provider keeps billing hundreds more that are paid or sit in the queue.

Work the arithmetic the way a claims leader would. A single mill provider in an American-Transit-scale network touches thousands of covered persons. At 200+ cases per investigator and roughly 10 completed investigations per investigator per month, an SIU has capacity to fully work only a fraction of the flags that one provider generates. Investigating one linked claim at 25% coverage leaves the other three-quarters of the network's claims paid or queued. You can win the node and lose the graph - and the graph is where the loss-cost concentration is.

There is also a linkage ceiling independent of headcount. A human investigator can hold a handful of claims in working memory at once, but a provider-network graph spans thousands of claims, addresses, claimants, and attorneys. Detection tools - Verisk ClaimSearch cross-carrier matching, BAE Systems NetReveal network analysis - are genuinely good at surfacing that cluster: the same provider or address appearing across carriers is exactly what contributory-data matching catches. But surfacing the cluster is not investigating it. The per-claim workflow that turns a flagged cluster into defensible findings still runs manually, one node at a time.

Where AI investigation changes the math

AI investigation changes the medical mill math by decoupling coverage from headcount: detection surfaces the provider cluster, and autonomous investigation then resolves every claim in it rather than the 25% an SIU has capacity for. That single shift - flagged-claim coverage from about 25% to 100% - is what makes the network, not just one node, investigable. Detection is upstream; investigation is downstream.

Hesper AI runs 15+ investigation phases in parallel on each flagged claim - link analysis across claims, provider-network graphing, billing and CPT anomaly detection, statement and EUO cross-reference, timeline reconstruction - and completes a case in 2-4 hours rather than 14+ days, at roughly $150 per case versus about $2,500 manually. Throughput moves from around 10 investigations per investigator per month to 800+. Because every flagged claim in a provider's book can be worked, the correlation across claims - the mill signature itself - becomes visible as investigation output, not as a hunch a human runs out of time to confirm.

DimensionManual SIUAI-assisted investigation (Hesper)
Unit of workOne flagged claim at a timeEvery flagged claim in the provider network
Time per case14+ days2-4 hours
Flagged-claim coverage~25%100%
Throughput / investigator / month~10800+
Cost per investigated case~$2,500~$150
Cross-claim linkageManual, limited by analyst attention15+ phases in parallel, incl. provider-network graphing across claims
OutputCase file after weeksAudit-ready, EUO/SAR-defensible finding per claim
LayerInvestigation (capacity-bound)Investigation (downstream of FRISS / Shift / Verisk detection)

The positioning here is precise, and it survives the copy-paste test. Hesper is not a detection or link-analysis replacement. Verisk ClaimSearch and BAE NetReveal surface the cluster; Hesper investigates each claim inside it end to end. It is complementary to FRISS, Shift Technology, and Verisk, not a replacement, and it can also run standalone. The open gap it fills is the one no detection vendor closes: moving from this provider cluster looks like a mill to here are audit-ready findings on all 400 linked claims. That closure is the investigation layer - from fraud detection to fraud resolution.

For a compliance officer, the defensibility property is the point. Every phase Hesper runs is logged with its sources, reasoning, and timestamps, so each finding is produced as an audit-trail-native record. Against a mill, that matters because the case will be tested at an EUO, in a SAR, or in a state-DOI review, and the evidence has to be reconstructable across the whole network. Uniform 15+-phase investigation on every flagged claim is also more consistent than selective manual investigation of a quarter of flags - consistency that is itself a control when the findings are challenged.

Regulatory and prosecution pathways

Medical mills are prosecuted through three converging pathways: state insurance-fraud bureaus, no-fault and workers' comp statutes, and increasingly RICO - used both criminally by prosecutors and civilly by insurers seeking treble damages. The investigation that feeds all three treats the provider network as the unit of proof, because the relational evidence is what holds up.

State fraud bureaus supply the front-line enforcement structure. In New York, insurer SIUs operate under mandatory-reporting and fraud-prevention-plan obligations, and the DFS Insurance Frauds Bureau - which coordinated 54 insurer SIUs in the state in 2024 - opened 71 healthcare fraud investigations and made 42 arrests that year. No-fault statutes add leverage the mill cannot easily escape: physician-fronted corporations secretly controlled by non-medical owners are illegal on their face, which is why hidden-ownership testimony at EUOs is such a load-bearing piece of evidence.

RICO is the escalation path when the network is large enough. Criminally, the Khaimov clinics case produced 15, 12, and 7-year sentences on a $40 million no-fault scheme. Civilly, American Transit's $450 million-plus suit against 180-plus defendants shows carriers using RICO to pursue trebled recovery against an entire mill at once rather than clawing back one claim at a time. The National Health Care Anti-Fraud Association, cited in the DFS report, puts total US healthcare fraud somewhere between $30 billion and $300 billion a year - a wide band that reflects how much of the mill economy never surfaces. Closing that gap is a coverage problem before it is a prosecution problem: you cannot prosecute the network you never fully investigated.

Key takeaways

  • A medical mill is a fraudulent provider network, not a single bad claim - it stages or exaggerates injuries, applies a templated treatment protocol, and bills auto no-fault/PIP and workers' comp carriers at scale, so per-claim review structurally misses it.
  • Mill fraud concentrates in no-fault states and lines: New York's DFS received 38,846 suspected no-fault fraud reports in 2024, 93% of all healthcare fraud reports, up 15.5% year over year and roughly double the 2020 level.
  • The mill signature is a pattern across claims - shared addresses, physician-fronted corporations with hidden owners, identical protocols, upcoding, and recurring runners and attorneys - not an anomaly inside any one claim, so link analysis across a provider network matters more than deep review of one claim.
  • Mills are prosecuted as organized crime under RICO: the Khaimov clinics case produced 15, 12, and 7-year sentences on a $40 million scheme, and American Transit's civil RICO suit sought $450 million-plus in trebled damages against 180-plus defendants.
  • Manual SIU fully investigates only about 25% of flagged claims at 14+ days each, so it wins one node while the network keeps billing; AI investigation runs 15+ phases in parallel in 2-4 hours per claim, lifting coverage to 100% and making the whole network - not just one node - investigable, downstream of and complementary to FRISS, Shift Technology, and Verisk.

Frequently asked questions

A medical mill is a clinic or provider network set up to generate fraudulent or medically unnecessary treatment and bill it to insurers, primarily auto no-fault/PIP and workers' compensation carriers. The Insurance Information Institute describes them as phony clinics that file fraudulent auto insurance medical claims, often physician-fronted but controlled by non-medical owners. A mill runs end to end: runners recruit patients, frequently from staged or exaggerated accidents, the clinic applies a templated treatment protocol, and the billing side upcodes, unbundles, or invoices for phantom treatment. Kickbacks flow back to recruiters, attorneys, and funding companies. Unlike opportunistic claim padding, a mill is an organized business, which is why regulators and prosecutors increasingly treat it as organized crime under RICO.

US insurance fraud costs an estimated $308 billion a year per the Coalition Against Insurance Fraud, including roughly $45 billion in property-casualty and $34 billion in workers' compensation, with auto insurance fraud alone running at least $29 billion. Medical mills concentrate in the no-fault/PIP and workers' comp lines. In New York, the Department of Financial Services received 38,846 suspected no-fault fraud reports in 2024, which was 93% of all healthcare fraud reports to the state and up 15.5% from 2023. One New York insurer, American Transit, estimated in a 2024 RICO filing that 60-70% of its 250,000-plus annual claims were fraudulent. The National Health Care Anti-Fraud Association puts total US healthcare fraud between $30 billion and $300 billion a year.

Medical mills show up as patterns across claims, not signals in a single claim. Key red flags: multiple practices sharing one address, phone, or billing agent; physician-fronted corporations actually controlled by non-medical owners, which is illegal under most no-fault statutes; identical treatment protocols across unrelated patients regardless of injury; billing patterns like upcoding, unbundling, and phantom treatment; recurring claimants, attorneys, or runners across one provider's book; and injuries inconsistent with the reported accident. In one New York case, more than 30 medical practices operated from a single Brooklyn address. Any one flag is weak; the mill signature is the correlation across many claims, which is why link analysis across a provider network matters more than reviewing one claim in isolation.

Investigation starts by treating the provider network as the unit, not the individual claim - linking claims by provider, address, claimant, attorney, and billing pattern, then examining treatment records, CPT codes, and referral flows. Examinations Under Oath are a core tool: in one $40 million New York case, providers were convicted partly for lying under oath about who really owned and controlled the clinics. Prosecution runs through state fraud bureaus - New York's IFB opened 71 healthcare fraud cases and made 42 arrests in 2024 - no-fault statutes, and increasingly RICO. RICO is used both criminally, as in the Khaimov clinics case with 15, 12, and 7-year sentences, and civilly by insurers seeking treble damages, as in American Transit's $450 million-plus suit against 180-plus defendants.

Manual SIU is capacity-bound in exactly the way a mill exploits. With investigators carrying 200-plus cases and each investigation taking 14 or more days, most US carriers fully investigate only about 25% of flagged claims. Against a mill, that means an SIU can win one claim while the same provider keeps billing hundreds more that are paid or sit queued. The fraud lives in cross-claim linkage - a provider network graphed across thousands of claims - but a human investigator can only hold a few claims in view at once. Detection tools like Verisk ClaimSearch or BAE NetReveal can surface the cluster through cross-carrier matching and network analysis, but the per-claim investigation that turns a flagged cluster into defensible findings still runs manually, one node at a time.

Detection is upstream; investigation is downstream. Detection vendors flag a suspicious provider cluster; autonomous AI investigation then resolves every claim in that cluster instead of the 25% an SIU has capacity for. Hesper AI runs 15-plus investigation phases in parallel per claim - link analysis across claims, provider-network graphing, billing and CPT anomaly detection, statement and EUO cross-reference, timeline reconstruction - in 2-4 hours rather than 14-plus days, at roughly $150 per case versus about $2,500 manually. That lifts flagged-claim coverage from about 25% to 100%, so the whole network becomes investigable, not just one node. It is complementary to FRISS, Shift Technology, and Verisk, not a replacement, and every finding is produced as an audit-ready, EUO- and SAR-defensible record.

Medical mills concentrate in true no-fault and PIP states, where statutory medical benefits pay regardless of fault and with limited pre-payment scrutiny. The Insurance Information Institute lists the true no-fault states as including Florida, Michigan, New Jersey, New York, and Pennsylvania, among other PIP jurisdictions. New York is the most documented because its Department of Financial Services publishes annual figures: 38,846 suspected no-fault fraud reports in 2024, 93% of all healthcare fraud reports to the state. Florida sees frequent PIP mill cases as well, such as a 2024 clinic case where blank therapy forms were used to bill for treatment never rendered. The common factor is not geography for its own sake but the no-fault benefit structure that makes the scheme profitable.

← More articles on the Hesper AI blog

See Hesper AI on your documents

Request a demo and we'll run an analysis on your real document samples.