The Justice Department’s (DOJ) 2026 National Health Care Fraud Takedown will understandably be read by many health care organizations as another Medicare fraud announcement. The headline figures are significant: the DOJ announced charges against 455 defendants, including 90 doctors and other licensed medical professionals. But one of the most important takeaways is not about Medicare at all. It is that Medicaid and state health care programs are becoming a central part of the government’s enforcement strategy. We have previously discussed this development, but we expound upon this theme here.
The DOJ expressly described the takedown as including the largest number of Medicaid fraud defendants and the largest Medicaid fraud loss charged in department history: 295 defendants and more than $518 million in alleged false claims submitted to Medicaid. The DOJ also emphasized that the takedown involved cases in 56 federal districts and 45 states and territories, with 50 state Medicaid Fraud Control Units participating, which the DOJ called the most in its history.
That framing matters. Medicaid is not simply “Medicare for a different population.” Medicaid is administered by states according to federal requirements and funded jointly by states and the federal government. Federal funding percentages (known as Federal Medical Assistance Percentage, or FMAP) range from 50% to 76.9% for FY 2026. Medicaid and Medicaid Managed Care plans have separate rules, regulations, and statutes that do not wholly overlap with Medicare. The state structure creates an enforcement environment that is more fragmented, more local, and often more nuanced than traditional federal Medicare cases. For clients, the practical point is simple: a defense strategy that works in a Medicare case may not fit a Medicaid matter unless clients and counsel understand the specific state program, state plan, waiver authority, managed care rules, provider manuals, prior authorization practices, and state-level enforcement culture.
Traditional health care fraud enforcement has often been driven by a familiar federal template: Medicare billing data, federal program rules, national or local coverage criteria, federal anti-kickback theories, and federal prosecutors or strike forces. Medicaid cases can involve those tools, but they often add state-specific program design, state administrative rules, state Medicaid agency guidance, state attorneys general, Medicaid Fraud Control Units, managed-care organizations, and program requirements that may differ materially from Medicare norms. Moreover, state statutes have different elements, investigations are run by different state agencies, and states have different views on whether inappropriate conduct is a civil, criminal, or administrative offense.
The 2026 takedown illustrates the point. The DOJ described an Illinois Medicaid behavioral health case in which the defendant allegedly billed for 500 or more hours of counseling and therapy services per day, far more than staff could have provided, even if all providers worked around the clock, and allegedly diverted more than $27 million to brokerage accounts, $10 million to a luxury car dealership, $4 million for real estate purchases and home improvements, and additional funds for jewelry, watches, and vehicles. The DOJ also described a New York Medicaid social adult day care case involving an alleged $38 million fraud based on services that were medically unnecessary, procured through kickbacks to marketers and beneficiaries, or not provided at all, with facilities allegedly billing for hundreds of beneficiaries per day despite a permitted occupancy of only 30 people. In Virginia, the DOJ described an alleged $49 million Medicaid fraud scheme in which a mental health company allegedly targeted homeless individuals by offering hotel stays in exchange for Medicaid numbers that were then used to bill for crisis stabilization services the individuals did not need or receive.
These are not merely Medicare-style coding cases with a different payer name. They involve alleged schemes concerning state Medicaid behavioral health benefits, social adult day care programs reimbursable by Medicaid (and not Medicare), crisis stabilization services, personal care services, and populations that may be served through state-specific eligibility rules, waiver programs, community-based service models, and managed-care arrangements. The enforcement theory may still sound familiar: services not rendered, medical necessity, kickbacks, false documentation, and patient targeting. But the legal and factual analysis often turns on the details of the state program.
Why the Government Is Increasingly Focused on Medicaid
Several forces are driving the increased focus. Medicaid covers large and vulnerable populations, including eligible low-income adults, children, pregnant women, elderly adults, and people with disabilities. Medicaid also includes service categories that can be difficult to verify after services have been rendered, such as behavioral health, home- and community-based services, personal care, social adult day care, and crisis stabilization. Those categories can be clinically important and entirely legitimate, but they also present enforcement risk when documentation is thin, supervision is weak, or billing data shows implausible utilization.
The press release also described an Alaska case brought by state prosecutors for medical assistance fraud, in which a personal care attendant allegedly submitted false claims for regularly attending to a Medicaid recipient’s health and hygiene while the recipient had been hospitalized after suffering severe neglect. That example underscores that Medicaid enforcement is not limited to large national schemes; it can involve state prosecutors, small-dollar matters, local service models, and patient-neglect narratives.
The 2026 takedown shows that federal and state authorities are now coordinating to address those risks. The DOJ described the takedown as a “new era in federal, state, and international cooperation,” and identified Medicaid Fraud Control Units across the country as core partners in the effort.
- Analyze Medicaid issues separately from Medicare: Do not assume Medicare coverage, billing, or medical-necessity concepts apply to a state Medicaid program. For any investigation, audit, or overpayment issue, identify the state Medicaid rule, provider manual, waiver, managed-care contract, bulletin, or agency guidance that governed at the time of service.
- Map state-specific service models: Behavioral health, personal care, social adult day care, crisis stabilization, and home- and community-based services often depend on state-specific program design. Providers should maintain compliance matrices that connect each billed service to the applicable state rule, staffing requirement, supervision requirement, documentation element, and authorization standard.
- Prepare for both federal and state actors: Medicaid matters may involve the DOJ, U.S. Attorneys’ Offices, Department of Health and Human Services Office of Inspector General (HHS-OIG), state attorneys general, Medical Care Fraud Units (MFCUs), state Medicaid agencies, and managed-care plans. Response strategy should account for overlapping authorities, different remedies, and different incentives among those actors.
- Use state-level analytics defensively: Providers should monitor impossible or implausible billing patterns, such as excessive hours per day, occupancy mismatches, repeated services during incarceration or hospitalization, and unusually high utilization by location, clinician, referral source, or beneficiary group. These are exactly the kinds of patterns that can convert a compliance issue into an enforcement narrative.
- Do not concede the wrong rulebook: In Medicaid investigations, one of the most important defense questions is whether the government — no matter which component — is applying the correct legal standard. If the state relies on Medicare principles, commercial-payer expectations, or generalized medical-necessity concepts, potential defendants would be well-served by testing whether those principles actually applied to the state Medicaid program at issue.
The 2026 takedown confirms that Medicaid enforcement is no longer a secondary story. It is a central pillar of health care fraud enforcement, and it requires a different defense mindset. Clients should be particularly mindful of state actions, MFCU activity, state Medicaid audits, and the nuances of state program rules. Foley is prepared and experienced with these investigations and can assist providers in evaluating risks, responding to audits or investigations, and developing defense strategies tailored to the applicable state program rules.
