GM, Welcome Back to the Dead Drop.

Last week, a relationship manager at Bank of America's Sheepshead Bay branch in Brooklyn pled guilty to laundering more than $8 million in Medicare fraud proceeds for a transnational criminal organization. The same week, federal prosecutors unsealed a complaint against two men who turned adult daycare centers in Queens into a decade-long, $120 million Medicare and Medicaid fraud machine.

Two different schemes. Two different criminal playbooks. One identical point of failure: the people and institutions you're supposed to trust.

Here's what most coverage of healthcare fraud gets wrong. The press reports the dollar amounts, prints the mugshots, and moves on. Nobody explains how the machine actually works, or why the person sitting across the desk at your bank, or managing your elderly parent's daycare, might be the most dangerous actor in the entire chain.

Today, we fix that.

Renat Abramov, 36, was a dual citizen of the United States and Azerbaijan. For nearly seven years, he held the title of "relationship manager" at Bank of America. His job was to advise business clients, provide financial solutions, and open accounts. Standard banking. Friendly handshake, business card, corporate smile.

According to the DOJ, Abramov was also a member of a transnational criminal organization, primarily based in Russia, that submitted more than $10 billion in fraudulent Medicare claims by stealing the identities of over one million Americans in all 50 states.

This is not a misprint. Ten billion dollars.

Here's how the operation ran. The transnational criminal organization (TCO) bought dozens of existing medical supply companies across the United States, specifically targeting businesses that were already enrolled with Medicare. Acquiring clean billing history meant they could submit claims immediately without raising enrollment flags. They swapped in foreign straw owners using forged corporate documents, then began billing Medicare for urinary catheters, glucose monitors, and other durable medical equipment that no patient ever ordered or received.

Abramov's role was critical. He opened accounts at his branch for at least six of these shell medical equipment companies between 2021 and 2023, bypassing know-your-customer protocols by accepting forged corporate registration documents from individuals who were not lawfully present in the United States. The accounts were used to deposit Medicare checks that looked completely legitimate, because they came from Medicare itself and established insurance companies.

Once deposited, the money moved fast. Between December 2023 and January 2024 alone, one account wired more than $865,000 to a Hong Kong-based company called Hengrun Trading. Across the broader network, fraud proceeds flowed to shell companies in China, Singapore, Pakistan, Israel, and Turkey. Cryptocurrency wallets added another layer of distance. Telegram kept communications encrypted.

The accounts showed massive red flags that any competent compliance review should have caught. Large Medicare deposits with zero corresponding business expenses. No shipping costs. No inventory purchases. No storage fees. Money in, money out, money gone.

When investigators closed in, Abramov booked a one-way flight to Moscow.

He didn't make it. He pled guilty to conspiracy to commit money laundering on February 3rd, faces up to 20 years, and is scheduled for sentencing on April 20th. This marks the first time the DOJ's Health Care Fraud Unit has ever charged and convicted a bank employee for conspiring to launder healthcare fraud proceeds.

The first. But, definitely not the last.

On the surface, Royal Adult Daycare and Happy Life Inc. looked like exactly what Flushing, Queens needed: social adult daycare centers serving elderly community members. Behind the surface, prosecutors allege owners Inwoo Kim and Daniel Lee ran a parallel operation for nearly a decade.

Between 2016 and 2026, Kim and Lee allegedly paid illegal cash kickbacks and supermarket gift certificates to Medicaid recipients and Medicare beneficiaries to induce them to fill prescriptions at Kim's pharmacy and enroll in his daycare centers. The payments weren't subtle. Text messages seized by investigators show Kim writing to a co-conspirator: "Please give the $10,000 to the Korean members first." Lee texted separately: "I gave the payment" and "I left the envelope [for a patient] with Tony."

They submitted claims for daycare services that exceeded their facilities' permitted capacity, meaning they were billing for more people than could physically fit in the building. They billed for prescriptions that were medically unnecessary or never filled. To generate the cash needed for kickbacks and bribes, they withdrew significant amounts from bank accounts they controlled.

The total damage: approximately $120 million paid by Medicare and Medicaid for services that were unnecessary, never provided, or induced by kickbacks and bribes.

This case didn't emerge in isolation. In a related enforcement action announced earlier this year, two Brooklyn-based recruiters pled guilty to conspiring to defraud Medicaid by paying kickbacks tied to social adult daycare and home health services totaling more than $68 million. New York State separately announced indictments alleging $3.5 million in Medicaid transportation fraud in Orange County.

The adult daycare sector has become a prime target for fraud operators because the model is almost perfectly designed for exploitation: vulnerable elderly populations who may not fully understand the services being billed in their name, high reimbursement rates, and historically minimal oversight at the state level.

Strip away the specifics, and both cases follow the same four-phase architecture that drives nearly all healthcare fraud in the United States.

Phase 1: Acquire Legitimacy. Abramov's TCO bought real medical supply companies with clean billing histories. Kim incorporated legitimate-looking daycare centers. The key insight is that criminals don't build from scratch. They acquire or create entities that already look credible to the system.

Phase 2: Recruit and Exploit Beneficiaries. The TCO stole identities from over one million Americans. Kim paid cash and gift cards to elderly community members. Whether through identity theft or direct inducement, the fraud requires real Medicare and Medicaid beneficiary information attached to claims.

Phase 3: Bill Aggressively. Submit claims for services never rendered, upcode legitimate services, or bill beyond capacity. The billing volume needs to be high enough to generate serious revenue but not so anomalous that it triggers automated detection. The TCO billed $10.6 billion. Kim and Lee billed $120 million. The scale varies; the mechanics are identical.

Phase 4: Extract and Launder. Abramov moved money through shell companies to Hong Kong and into cryptocurrency. Kim withdrew cash directly to fund kickback payments. Every scheme needs a cash-out mechanism, and the financial system remains the weakest link.

If you have elderly family members in adult daycare or home health programs:

If you manage business banking relationships:

If you are a healthcare provider or compliance officer:

The U.S. Centers for Medicare & Medicaid Services (CMS) disburses roughly $1.7 trillion annually. The 2025 National Health Care Fraud Takedown, the largest in American history, charged 324 defendants across $14.6 billion in alleged fraud. That number is growing, not shrinking. New cases are hitting federal dockets every week in 2026.

The common thread across all of them is not sophisticated technology or brilliant criminal innovation. It's access. A banker who opens the wrong accounts. A daycare operator who pays the wrong incentives. A straw owner who signs the wrong documents. The system fails at the human layer, every single time.

Your banker. Your parent's daycare. Your doctor's billing office. Trust is the vulnerability.

Verify everything.

Stay sharp. Trust slowly. Verify everything.

This is the first installment in The Dead Drop's ongoing series examining the mechanics of America's healthcare fraud epidemic. Next week: Operation Gold Rush and the $10.6 billion billing machine built by a Russian criminal syndicate using stolen American identities.

An Air Force staff sergeant used his position in the pharmacy at Davis-Monthan Air Force Base to run a four-year theft operation that funneled over $11 million into personal bank accounts. Richard Stefon Ramroop and his spouse Manuel George Madrid allegedly purchased thousands of medical devices with government funds, diverted them off-base, and resold them on the open market from January 2022 through December 2025.

The scheme cost taxpayers more than $3 million in stolen supplies. The proceeds bought a million-dollar Tucson home and a fleet of luxury vehicles, several of which were seized during a January search warrant. The 12-count federal indictment includes conspiracy, wire fraud, and money laundering charges carrying up to 20 years.

This is the insider threat nobody budgets for. The same access that lets a pharmacy NCO order legitimate medical supplies becomes the perfect procurement pipeline for criminal resale. No hacking required. No forged credentials. Just a trusted employee exploiting a system designed to trust him. It connects directly to the healthcare fraud infrastructure we're covering this week: the most dangerous vulnerabilities aren't in your software. They're on your payroll.

Read the Full Story Here

Banks can't make certain risky loans anymore. Post-2008 regulations made sure of that. So they found a workaround: lend the money to non-depository financial institutions (NDFIs), private firms that aren't bound by the same rules, and let them make those loans instead. As of early 2025, U.S. banks held $1.14 trillion in NDFI loans, the single fastest-growing lending category, up 26% annually since 2012.

Then three fraud cases hit in rapid succession. Zions Bancorporation disclosed a near-total wipeout on $60 million after discovering "apparent misrepresentations." Western Alliance sued the same borrower. JPMorgan absorbed a $170 million loss tied to a subprime auto lender collapse. Jamie Dimon's assessment was blunt: "When you see one cockroach, there are probably more."

The uncomfortable truth: NDFIs operate with far less transparency and regulatory oversight than traditional banks, meaning nobody, including the banks funding them, fully understands what's actually in these portfolios. The regulations designed to protect you after 2008 didn't eliminate risk. They just moved it somewhere harder to see.

Read the Full Story Here

Extortion-related cyberattacks surged 63% in 2025, hitting roughly 6,800 incidents, with the U.S. accounting for more than half of all victims. But the real story isn't the volume. It's the business model evolution happening inside these criminal organizations.

Intel 471's latest threat report reveals ransomware crews are now abandoning encryption entirely in favor of pure data extortion, stealing your information and threatening to publish it rather than locking your systems. Why? Better margins, lower operational risk, faster payouts. These groups run affiliate programs, recruit talent on dark web forums, and pivot strategies when legislation threatens revenue, the same way any Fortune 500 adapts to regulatory pressure.

The most alarming shift: supply chain targeting. Instead of hitting one company, attackers compromise a single vendor or managed service provider and cascade access to dozens or hundreds of downstream victims. One intrusion, maximum yield. Meanwhile, over 40% of disclosed vulnerabilities were actively exploited last year. The criminals aren't just innovating with AI. They don't need to. Proven tools still work because most organizations can't patch fast enough to matter.

Read the Full Story Here