Skip to main content

Insurance companies are being targeted by organized crime. Can they stop the crooks from stealing more than $1 billion a year?

It's just before 9 a.m. on a sunny morning in late July 2015, and a dozen police officers are gathered near the Healthy Fit chiropractic and pain management clinic in north Toronto. They have a search warrant, and they're about to seize evidence in what will eventually become one of the largest health insurance benefits fraud cases in the country.

Together, they take the elevator to the fifth floor of a nondescript six-storey office building just off Highway 401 and enter through the glass door of unit 502. Detective Constable Kevin Williams is among the first to go in, followed by the rest of the officers, some in full uniform, others in plain clothes. He approaches the desk and explains their plans to the receptionist, who is quiet, if unhelpful.

The officers fan out through the drab clinic, taking photographs and labelling rooms. Williams is looking for something specific. He searches the clinic's office and an examining room, but doesn't find much. Then he decides to check the closet.

Opening the door, Williams traces his eyes over shelves, boxes and bags full of orthotics, orthopedic shoes and braces for treating sore backs, knees and arms. Jackpot. "I think there was also one or two of those tension machines, like the Dr-Ho's kind of machine," Williams recalls, referring to the electrical muscle and pain therapy device made famous by infomercials. "It wasn't that sophisticated."

Williams and his fellow officers carefully bag each item, logging the property tag on each, before the evidence is loaded into a van to be taken to a police storage facility. The raid is a success: They have everything they need.

Healthy Fit, ostensibly a vendor of customized medical devices, was at the centre of a massive fraud scheme targeting the Toronto Transit Commission (TTC) or, more specifically, its health benefits plan. Adam Smith, the clinic's proprietor, ran the operation. It involved recruiting TTC employees, including bus, streetcar and subway drivers (many of whom were already both healthy and fit), and convincing them to make falsified claims for medical devices they didn't need. According to the police, the money they received from the health plan, which the TTC says eventually totalled more than $5 million, was then typically carved up, with 40% of the spoils going to Smith.

The TTC became aware of the scheme through an anonymous tip from an employee, sent through a whistle-blower website a year earlier. From that point, management had grown steadily more concerned about how many people were embroiled in the scam. "We followed it, and it grew, and it became very large," says Brad Ross, the friendly-but-firm head of communications for the TTC, who has been involved in the fraud investigation since the start.

Eventually they discovered that more than 700 TTC employees—about 5% of the transit agency's work force—had attended Healthy Fit at one time or another. And while they weren't all false visits, the more the TTC and its health plan administrator, Manulife, searched, the more cases of fraud and abusive benefits claims they turned up. Soon they realized they were dealing with one of the most extensive health insurance fraud cases ever to be made public in Canada.

The Healthy Fit scam is just one of an increasing number of cases of health benefits fraud. At first blush, it's a banal crime: It often involves employees making claims for devices or services they don't need (or don't get) and pocketing the money when they are reimbursed. But lately, the cases have become more sophisticated in their use of technology, and there are growing concerns that organized crime rings are getting more involved.

Some of the recent scams include dozens, sometimes hundreds of employees, often working with crooked doctors, dentists, opticians, massage therapists, chiropractors or pharmacists. The plots can be run in hospitals or out of small multidisciplinary clinics. Sometimes criminals are acting alone. But the more worrying cases involve collusion schemes in which a health-care service provider actively encourages employees to make fraudulent claims and split the profits.

Corporate health benefits plans, usually administered by insurance companies such as Manulife, Sun Life and Great-West Lifeco, have always been subject to some bogus claims. But lately, the fraud has escalated. North American estimates suggest annual insurance fraud losses account for 5% to 10% of claims—representing between $1.2 billion and $2.4 billion in fraudulent health benefit payouts every year in this country. The Canadian Life and Health Insurance Association (CLHIA), which tracks premiums collected from and claims paid to the 25 million Canadians who enjoy extended benefits, says many hundreds of millions of dollars are being wasted each year.

To fight back against the rising cost of fraud—and keep their clients—the largest insurers are finally starting to invest millions into new technology that can automatically flag dodgy claims. They're hiring more ex-cops and other seasoned investigators to launch surveillance operations, interrogate suspects and help the police in their investigations. And perhaps most surprisingly, given the competitive nature of the insurers, they are preparing to invest in an industry-wide claims data pool.

Despite these efforts, there are still questions about how effective this offensive will be or even how serious benefits providers are about preventing fraud. The truth is, they haven't always had that much incentive to crack down.

What does Daisy say?

Tucked away on the second floor of an office building in Vaughan, Ontario, rows of computer engineers and mathematicians are training machines to catch criminals by using the latest artificial intelligence software and data analysis. This is the nerve centre of Daisy Intelligence Corp., a made-in-Canada data analytics company with a cute moniker (it was named after Daisy Bell, the first song ever sung by a computer using speech synthesis) but a serious mission.

On this grim, snowy midwinter day, Daisy's founder and CEO, Gary Saarenvirta, a big guy with spiky hair and black thick-rimmed designer glasses, sits at his desk, flanked by large framed maps of waterways in his Finnish homeland, giving the impression he's planning a crusade through Scandinavia rather than cyberspace.

Saarenvirta, who once worked as the head of IBM Canada's analytics and data warehousing practices, sounds both optimistic about what technology can accomplish and frustrated by how slowly the insurance industry moves. While companies dither, criminals are making off with funds that could be used to make coverage better and more affordable. "I could be a millionaire next week. I could go and commit fraud and make $10 million in a week, and I probably wouldn't get caught. The worst-case scenario would be that some of the phony claims I submitted wouldn't be paid," says Saarenvirta with a growl. "It's outrageous that nobody is doing anything."

Just a few years ago, the claims departments were looking for forged receipts and doctored forms using random audits and tips from whistle-blowers. But increasingly, the warning beacon are lit by computers.

At Daisy, the machines use thousands of processors to comb through insurance claims data. Frauds recognized in the past are used to train the software to identify patterns. A bill for an emergency dental visit that comes in at the same time as one for a teeth cleaning would be flagged as abusive, because those two service items don't happen at the same time. But the computers can be far more rigorous in their analysis, recognizing service prices that are outliers compared with other local providers and finding networks of people linked by shared bank account numbers, old phone numbers or addresses. By Saarenvirta's analysis, 10% to 30% of claims have some element of fraud or abuse. "We've worked with a dozen insurance companies over the past 15 years, and it's been consistent across them all," he says.

Daisy's systems are now on the front line of preventing another Healthy Fit situation from side-swiping the TTC. The transportation agency's contract with Manulife Financial expired about two years ago, and the TTC, City of Toronto and Toronto Police Service collectively selected a new supplier of drug, dental and other health benefits. Green Shield Canada won the business, and the Windsor, Ontario, not-for-profit provider hired Daisy not long after.

Four months ago, the system went live, and now Daisy does a weekly scan of all Green Shield claims data, looking at every individual plan member and service provider, and ranking them on the proprietary Daisy Suspicion Index. Alerts are then generated through an online case management tool, and they come packed with evidence, including data points on the person, network, claims and observed patterns—all of which human investigators can use as starting points if they decide to build a case.

Saarenvirta says his customers have begun to affectionately anthropomorphize the program, asking, "What did Daisy say this week?" In the future, he expects Daisy will become a true member of the team, making automated decisions to reject claims without human approval.

Daisy isn't the only platform promising that technology can change the way insurers find fraud. Sun Life says it has spent tens of millions of dollars on analytics software, which has already saved plan sponsor clients more than $100 million over the past three years. Others, such as Desjardins Insurance, have built in-house teams for health and life insurance fraud analytics. Manulife says its 70-person internal fraud team also uses AI and machine-learning technology. But although tireless computers are steadily taking over the tedious grunt work, it still takes more than machines, no matter how smart, to catch the crooks.

They confess immediately

Even with the digital renaissance sweeping through group benefits insurance, the majority of fraud flags computers raise are false positives. To separate the suspicious from the guilty, providers continue to rely on their internal investigation teams.

"What I've found is that I can apply a lot of my previous experience to this fraud world, because there's so much organized crime involved," says Gary Askin, who heads the fraud risk management group at Sun Life. Before joining the insurer, he spent 33 years at the Waterloo Regional Police Service, primarily investigating drug-related delinquencies, terrorism and criminal rings.

Sometimes Askin's team will immediately cut a service provider off from the company's approved network, stopping all claims related to that person or clinic from being paid. Other times, his team will make a call to inquire about recent activity. This simple act can cause claims to dramatically drop off at health-care providers where there is abuse.

In other scenarios, investigators might visit a suspicious site and take photographs. "We do a covert operation to determine how many treatment rooms are in there. Are they actually providing services? What does it look like? What are the colours of the walls?" Askin says. Then they'll try to interview the claimant. Often, the employees committing the fraud are first-time offenders and easily spooked. They confess immediately.

Data analytics has shortened this process, but insurance companies can still take months, even years, to conduct these investigations, find patterns and shut a provider down. It's difficult to profile offenders, as they come from different socio-economic statuses and career paths, from professionals to labourers.

Askin says the TTC case is a good example of the kind of crime he's up against, "because that's being reproduced all over the country. That's a fairly standard scheme." The next step is to convince local police to make time for the case. And that's not always easy, he says. "They may not perceive some of our white-collar crime, if I can use that term, as being a priority for them."

Even when they take the case, police can struggle to bring down fraud rings. Commander Juan Francisco Vargas of the Montreal police's economic crimes unit spent two years investigating one of the biggest financial fraud cases of his career, as measured by the sheer volume of people involved. About 80 employees of a Shaw Direct office in Montreal were suspected of filing false dental benefit claims that added up to about $700,000.

Vargas says an ex-employee of Shaw Direct recruited other employees to make dental and medical claims for services they never received, with each individual claim amounting to between $4,500 and $29,000. They split the profits—half for the patient and half for the ringleader. Great-West Lifeco and Shaw Direct declined to comment on the case.

"When we phoned the dentists and we phoned the doctors, they never had that client in their file," Vargas says. The practitioners' identities had been stolen and receipts had been forged.

But months spent investigating only led to accusations and charges for 35 people—less than half of the suspects. This was partly because many of the financial exchanges took place with money physically trading hands, which is more difficult for law enforcement to trace than e-transfers or credit card payments. "In this kind of fraud, there are a lot of people paying cash to the head of the organization. When they bring cash, we can't bring the proof to the court," Vargas says of the scheme. The police relied on digital e-transfer trails and cheques for evidence.

This insurance fraud was typical in that Vargas doesn't expect most of the employees who participated to reoffend. They lost their jobs and, in most cases, didn't have pre-existing criminal records. "When we talk with these people, we know they are not rough criminals," he says.

While employees looking to make a quick buck may be easily scared off, the initiators of many of these fraud schemes—people like the ex-employee ringleader at Shaw—are highly likely to reoffend, according to police and insurers. But how often? "That, I think, is the million-dollar question," says Donna Carbell, senior vice-president of Manulife's group benefits team. The company submitted 39 criminal complaints to police departments in Canada last year. Carbell thinks technology is only just arriving at the point where reoffenders will become easier to spot.

Do insurers profit from fraud?

When it comes to fighting fraud, insurers know they have an image problem. The financial giants sell products that customers hope they won't need and often resent paying for. That disgruntled attitude seems to foster a sense of entitlement in the benefits world.

"That's one of the first lines you've got to cross with people—calling it out as benefits fraud," says Dave Jones, Sun Life's senior vice-president of group benefits, from a conference room overlooking Lake Ontario in the company's new Toronto office tower. "Oftentimes when we're interviewing people, one of the most common casual statements we'll hear back is, 'Well, it's not really fraud. It's my insurance company.' "

Benefits insurers are confronting this problem years after fraud became a major headache for other factions of the financial services industry. "Criminals, particularly organized crime, will go to the weakest link—whatever is the easiest way to get money out of the system," says Amanda Holden, national practice lead for the Canadian fraud and security intelligence team at SAS Institute Inc. The software and data management company offers advanced data analytics to a variety of firms to help them fight fraud. Historically, a weak spot was credit and debit cards, she says, because cards were easily counterfeited or stolen from post offices and wallets, and their users were hard to verify. But those scams have been reduced in recent years as Canada moved to a chip and PIN system.

As organized crime has been slowly squeezed out of the payments industry, Holden says criminals have become increasingly niche in their attacks—for example, targeting fintech startups or committing mortgage fraud. Lately, they have begun turning more attention to the insurance industry, she says.

This leads to another issue: Unlike credit card losses, which are felt acutely by a few big banks, escalating claims costs tend to be passed along to the plan sponsors and their employees in the form of increased premiums. In other cases, as with the TTC, the insurers only administer the plan. They make their money by charging a percentage of all claims filed. So the more claims made—fraudulent or otherwise—the more money the insurance company brings in. The claims themselves are paid by the employer.

"The contract model doesn't lend itself toward reduc ing the numbers of dollars of claims paid," says Joel Alleyne, a management consultant and former executive director of the Canadian Health Care Anti-Fraud Association, which was rolled into the CLHIA a couple of years ago. He says fraud can be damaging to the insurer if the costs grow to the point where a frustrated client decides to take its business to another provider or change its coverage. "So they try to do a good job and keep the business with that employer or that plan. But the financial incentive is not necessarily there," Alleyne says.

Still, in the coming months, the Canadian life and health insurance industry will take its next fraud mitigation step: It will begin a pilot project with the goal of eventually aggregating all claims data at the industry level. This will allow insurance companies to do more sophisticated analytics. One simple example would be catching practitioners that make modest, legitimate-looking claims with not one but many providers, creating an impossible day where they supposedly worked more than 24 hours.

Fortunately, the industry doesn't have to look far for inspiration. Government-backed plans to curb soaring car insurance premiums led to a widespread crackdown on property and casualty insurance fraud, which also costs Canadians billions of dollars each year, according to the Insurance Bureau of Canada. In 2015, the Canadian National Insurance Crime Services, or CANATICS, a not-for-profit created by the auto insurance industry, launched a new data-pooling program in Ontario to detect potential instances of organized or premeditated fraud. These cases involve the collusion of service providers such as medical facilities, autobody shops and tow truck operators. But it's the workplace health benefits insurers that often wind up being the first payers.

"We're learning from what they've done and certainly started on a bit of a program to do the same on our side," says Stephen Frank, CEO of the CLHIA.

The jig is up

Adam Smith was on his morning commute into the Healthy Fit office from his home in Mississauga when the law finally caught up with him. As one team of police officers raided his office, another team, which had been tailing him and staking out Healthy Fit to learn his routines, was lying in wait.

The police arrested Smith and charged him with two counts of fraud over $5,000. At first Smith acted shocked, demanding to know why he was being held. Then, as the evidence was presented, he went quiet. "I think as time went on, and the disclosure came out, he actually saw the amount of evidence we had," says Williams. "It was abundantly clear that the jig was up." Smith pleaded guilty, and last September he was sentenced to two years in a federal penitentiary.

It took months to get to that moment, starting with evidence gathered by Manulife and the TTC, which sent undercover agents posing as transit employees to get a sense of the scam. They recorded the weather and physical descriptions of people in the clinic, and taped conversations with Smith. Those recordings helped reveal how Smith persuaded employees to go along with the scheme.

In one such conversation, which took place on August 6, 2014, you can hear Smith telling a young woman called Gloria that she will have to get a prescription from a medical doctor if she wants to make a lucrative claim for some compression arm sleeves. Gloria asks if she can get a prescription at a walk-in clinic. "Yes, you can," says Smith, "but sometimes it's like the [Soup] Nazis—no socks for you, no arm sleeves for you." He pauses. "I do have a friend who is also a doctor and can get you one."

It's now four years after the TTC's investigation into Healthy Fit's $5-million fraud, and 222 people have been fired or forced to resign. But the saga isn't over. Ten TTC employees' fraud offences were so serious that they were also criminally charged, and legal proceedings are ongoing. The TTC is also suing Manulife, Smith and some of its employees. Manulife denies all allegations made by the TTC, adding that it takes fraudulent insurance claims seriously, whether it's acting as an insurer or administrator of the plan. "Benefits fraud is complex, layered and constantly evolving, and we continuously evolve our strategies and work with key stakeholders to meet this risk," the company said in a statement.

Williams says big investigations are often necessary to crack established fraud schemes, but the work could be made easier if companies and their benefits providers more clearly defined what is and isn't covered, and communicated that to employees. "One of the biggest things we heard when we interviewed TTC employees was that it was a culture whereby they thought, Well, you know, I pay for these benefits, so I'm going to use these benefits whether I need them or not," Williams says.

Saarenvirta of Daisy says benefit sponsors can be shock ingly inconsistent when it comes to enforcement, and he's seen some fraudulent behaviour intentionally going unchecked. "We see some small towns, where the number of doctors or health-care practitioners is so small that the insurers let them get away with anything because the companies that work there say, 'We don't care—pay these guys anything. He's the only doctor in town.'"

A low-tech solution

Not everyone thinks the latest fraud crackdown will be enough, and one of the skeptics is Joel Alleyne, who helped develop fraud-prevention techniques in Europe and the U.S., as well as in Canada. "It's a bit of an arms race between the fraudsters and the counter-fraud specialists," he says. "We've seen this over and over and over again. Different technologies are put in place, and the fraudsters find a way around them."

But insurers say this time is different, and real change is brewing as their customers grow more concerned about the cost of fraud. "Five years ago, we weren't talking about fraud in a big way at the association. We're talking about it a lot now, and we're hearing about it from all kinds of members. They're all feeling it, they're all staffing up and they're all looking to increase their investigative power," says Stephen Frank of the CLHIA.

The industry's answer is to work together and pool data, leaving fewer dark corners for fraudulent claims to pass unseen. But there will be challenges. For starters, these initiatives will take years to develop. Insurance companies have interminable layers of bureaucracy and are cagey about sharing and manipulating their data to begin with. First they'll have to figure out the complicated process of merging data inputs from dozens of insurance companies that have all built their own independent systems. And then the risk-conscious industry will no doubt want to test and retest the new database. In the meantime, billions of dollars will be lost.

Even some industry leaders concede that change is coming too slowly. "We all understand that this data, especially in this electronic age, is important," says Brent Allen, vice- president of service operations at Green Shield. "But it's not moving, in our view, as fast as we'd like to see it."

In the meantime, a lower-tech idea is bubbling up in the insurance industry: that changing the behaviour of employees—the ones actually using the benefits—can have a big impact on fraud. A recent German academic report mined research in psychology and behavioural economics to conclude that benefits abuse has a lot to do with people's gut feelings about what is fair. The researchers took lessons from tax evasion, employee crime and copyright infringement, and found that making small and inexpensive changes to contract design and consumer outreach can make a real difference in lowering the incentives to lie and raising the moral threshold of plan members so they won't act dishonestly.

One example can be found in a 2012 study by researchers from the universities of Harvard, Duke, Northwestern and Toronto that tested the difference between a person signing at the beginning or the end of a form to confirm they had completed an auto insurance claim honestly. The results were stunning. "Using laboratory and field experiments, we find that signing before—rather than after—the opportunity to cheat makes ethics salient when they are needed most and significantly reduces dishonesty."

Dan Ariely, a professor of behavioural economics and psychology at Duke University, worked on that study as part of his broader research on the small ways people cheat and the big harm it causes. In his 2012 book, The (Honest) Truth About Dishonesty: How We Lie to Everyone—Especially Ourselves, he explores how people will act dishonestly up to the point where they start to feel bad because it compromises their personal sense of integrity. "Many good people cheat just a little here and there by rounding up their billable hours, claiming higher losses on their insurance claims, recommending unnecessary treatments and so on," he writes. But Ariely also believes this instinct to game the system can be controlled. In 2016, he joined U.S. property and casualty insurance carrier Lemonade as its chief behavioural officer, saying the industry has "antagonistic, annoying, difficult process[es], with low trust and high dishonesty."

If insurance companies and employers treated plan members with more respect and communicated better, it could stop them from getting sucked into collusion schemes in the first place. If employees knew skimming off extra benefits could mean a cubicle mate's child might have coverage for a costly pharmaceutical drug capped, they might think twice. The TTC's whistle-blower says he had known about Healthy Fit for as many as three years. It was only when the transit agency created an anonymous tip line that he spoke up. What if the corporate culture had been different?

The advantages of reducing fraud could be material. Consider a group plan with 100 employees, which typically costs a company $300,000 to $400,000 per year. Based on industry estimates, fraud could represent up to $40,000 of this plan's costs. Brad Ross at the TTC has seen the rewards of their crackdown to the tune of a $7-million decrease in annual claims, indicating its employees have got the message that benefits abuse won't be tolerated. "Benefits cost a lot of money for companies," he says. "We want to make sure everybody knows the individuals will be dealt with appropriately."

Amanda Holden at SAS says all the insurance industry really needs to do at the moment is make itself less attractive to fraudsters than other targets. She expects the health-care industry will spend the coming years struggling and playing catch-up with the same kind of authentication challenges the banking and credit card sectors had to overcome in the past decades. "If you look at the way the banks have gone—the insurers are going to bring a lot of data together, they're going to try to find the anomalies and they're going to try to be as predictive as possible, but eventually they're going to get to, 'How do I lock the front door to make sure the whole system is secure?'" she says.

Holden says criminals could be forced to move to weaker and weaker benefits providers, as more insurers tighten their controls. Eventually, as the industry gets stronger, they might be driven to shift their attention out of the industry altogether—moving on to the next weak link. "When you sour the milk and the criminals say, 'Ugh, there's nothing left there,' they'll go somewhere else."