Full Report
From the U.S. Attorney’s Office, Eastern District of Arkansas: LITTLE ROCK—A Little Rock psychologist has been indicted for defrauding Medicare and Arkansas Blue Cross and Blue Shield (Blue Cross) and creating fictitious records to conceal her wrongdoing. Krameelah Banks, 48, of Little Rock, faces twenty-three counts of wire fraud, seven counts of making false...
Analysis Summary
# Incident Report: Healthcare Fraud and Fictitious Record Creation
## Executive Summary
Krameelah Banks, a Little Rock psychologist, was indicted for a multi-year scheme defrauding Medicare and Arkansas Blue Cross and Blue Shield. The fraud involved billing for thousands of psychotherapy hours that never occurred, often for patients seen only once, resulting in losses exceeding $500,000. To conceal this, the psychologist created and submitted fictitious records to the insurers and, subsequently, lied to the FBI.
## Incident Details
- Discovery Date: Not explicitly stated (Indictment announced November 25, 2025, covering activity through 2023)
- Incident Date: Alleged activities span from 2021 through 2023.
- Affected Organization: Arkansas Behavioral Center (ABC), Medicare, and Arkansas Blue Cross and Blue Shield (Blue Cross).
- Sector: Healthcare/Medical Services.
- Geography: Little Rock, Arkansas (Primary operation location).
## Timeline of Events
### Initial Access
- Date/Time: Activity began approximately 2021.
- Vector: Deception/Internal Misconduct (Administrative/Billing Abuse).
- Details: Krameelah Banks, owner of ABC, began systematically over-billing insurers for services.
### Lateral Movement
- Not strictly applicable in a traditional cyber sense; movement was internal/administrative, involving the systematic submission of false claims across different billing periods and patient files.
### Data Exfiltration/Impact
- Date/Time: Ongoing through 2023.
- Details: Financial loss to Medicare and Blue Cross exceeded $500,000 by falsely billing for thousands of psychotherapy hours. Falsified time entries and potentially sensitive patient/billing data were manipulated to support fraudulent claims.
### Detection & Response
- Date/Time: Investigation led to indictment announcement on November 25, 2025.
- Vector: Financial/Systematic Auditing (Implied from insurer inquiries and subsequent FBI investigation).
- Details: Insurers (Medicare/Blue Cross) likely flagged discrepancies, leading to inquiries. The response included an investigation led by the FBI and the U.S. Department of Health and Human Services, Office of the Inspector General (HHS-OIG), culminating in a federal indictment.
## Attack Methodology
This incident is categorized as **Insider Fraud/Financial Crime** rather than a typical external cyber intrusion. The "attack vectors" relate to administrative and document manipulation:
- **Initial Access:** Administrative privileges over the billing system of ABC.
- **Persistence:** Routine, repeated submission of false billing data over a multi-year period (2021–2023).
- **Privilege Escalation:** Not applicable (used existing ownership authority).
- **Defense Evasion:** Creating and submitting fictitious records to justify disputed claims; recycling nearly identical records for multiple inquiries.
- **Credential Access:** Not applicable.
- **Discovery:** Not applicable (Internal actor discovering vulnerabilities in payer audit controls).
- **Lateral Movement:** Not applicable (Movement was within the billing and record-keeping systems).
- **Collection:** Gathering legitimate patient information (single-visit referral patients) and reusing/applying it to thousands of falsely billed sessions.
- **Exfiltration:** Financial Falsification (Theft of funds via fraudulent billing).
- **Impact:** Financial loss to government/private insurers; creation of false medical/legal documentation.
## Impact Assessment
- Financial: Over $500,000 lost by Medicare and Blue Cross.
- Data Breach: Creation of fictitious records related to patient care and billing. Potential compromise/misuse of patient identifiers through false claims submission.
- Operational: Disruption to the internal operations of ABC due to investigation; burden on insurers to conduct extensive audits.
- Reputational: Negative publicity following the federal indictment of a licensed professional.
## Indicators of Compromise
This incident lacks traditional network IOCs. Indicators are behavioral/documentary:
- **Network Indicators:** None provided (No external network intrusion suspected).
- **File Indicators:** Fictitious records, recycled documentation submitted for legitimate claims.
- **Behavioral Indicators:** Billing for services while out of state or outside the country (Florida, Mexico); billing for more than 24 hours of services in a single day; billing for services rendered to deceased patients; lying to federal agents (FBI).
## Response Actions
Response actions were conducted by law enforcement and regulatory bodies:
- **Containment measures:** Not applicable for the initial fraud mechanism (insurer risk controls would have been the containment).
- **Eradication steps:** Investigation conducted by FBI and HHS-OIG.
- **Recovery actions:** Federal indictment secured by the U.S. Attorney’s Office, Eastern District of Arkansas, charging the individual with twenty-three counts of wire fraud, seven counts of making false statements, lying to the FBI, and aggravated identity theft.
## Lessons Learned
- **Vulnerability of Claim Review Processes:** Insurers must have robust, proactive auditing systems capable of flagging impossible billing scenarios (e.g., more hours billed in a single day than is possible, billing for deceased individuals, or geographic outliers).
- **Importance of EOB Review:** Individuals using insurer services should meticulously check their Explanation of Benefits (EOB) statements for services they did not receive, as this serves as a crucial layer of defense against this type of fraud.
- **Insider Threat Mitigation:** Reliance on an employee/owner's integrity in high-trust roles (like healthcare billing) requires stronger periodic, unscheduled external validation processes.
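
The impossible-billing checks named in the behavioral indicators and in the first lesson above (more than 24 hours billed in one day, services dated after a patient's death, services dated while the provider was away), written as a rule-based claim audit. This is an added example, not part of the original report; the field names, sample claims, and the death and travel reference tables are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample claims (not real data): one row per billed session.
CLAIMS = [
    {"id": "C1", "provider": "P1", "patient": "A", "dos": date(2022, 3, 1), "hours": 10.0},
    {"id": "C2", "provider": "P1", "patient": "C", "dos": date(2022, 3, 1), "hours": 9.0},
    {"id": "C3", "provider": "P1", "patient": "D", "dos": date(2022, 3, 1), "hours": 8.0},
    {"id": "C4", "provider": "P1", "patient": "B", "dos": date(2022, 2, 1), "hours": 1.0},
    {"id": "C5", "provider": "P1", "patient": "A", "dos": date(2022, 3, 12), "hours": 2.0},
    {"id": "C6", "provider": "P2", "patient": "A", "dos": date(2022, 3, 12), "hours": 1.0},
]

# Constructed reference data an auditor would join against (assumed to be available).
DEATHS = {"B": date(2022, 1, 15)}                        # patient -> date of death
AWAY = {"P1": [(date(2022, 3, 10), date(2022, 3, 14))]}  # provider -> periods away from the practice


def audit(claims, deaths, away, max_hours=24.0):
    """Return {claim_id: sorted rule names} for every claim that trips a rule.

    max_hours defaults to the physical ceiling of a day; a production audit
    would normally use a lower plausibility threshold.
    """
    flags = defaultdict(set)
    per_day = defaultdict(list)  # (provider, date of service) -> claims
    for c in claims:
        per_day[(c["provider"], c["dos"])].append(c)
        # Rule 1: service dated after the patient's recorded date of death.
        died = deaths.get(c["patient"])
        if died is not None and c["dos"] > died:
            flags[c["id"]].add("deceased_patient")
        # Rule 2: service dated while the provider was away. This assumes
        # in-person sessions; telehealth claims need a separate check.
        if any(start <= c["dos"] <= end for start, end in away.get(c["provider"], [])):
            flags[c["id"]].add("provider_away")
    # Rule 3: total hours billed by one provider on one day exceed the ceiling.
    for day_claims in per_day.values():
        if sum(c["hours"] for c in day_claims) > max_hours:
            for c in day_claims:
                flags[c["id"]].add("over_24h_day")
    return {cid: sorted(rules) for cid, rules in flags.items()}


if __name__ == "__main__":
    for claim_id, rules in sorted(audit(CLAIMS, DEATHS, AWAY).items()):
        print(claim_id, ", ".join(rules))
```

Each rule only flags a claim for human review; a flag is a reason to request supporting records, not a finding of fraud.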
## Recommendations
- Healthcare providers and payers should implement AI/ML models to automatically flag time-based inconsistencies in service logs against provider schedules and geographic locations.
- Payers (Medicare/Blue Cross) should increase scrutiny on claims from single-provider practices, especially those involving high-volume billing for transient or referral-only patient populations.
- Establish mandatory, independent annual billing audits for practices that bill government or private insurers above a certain threshold.