Thursday, July 16, 2026

GAO: Obamacare Flaw Exposed Millions to Plan Switches

Valyrian News Network 5 min read

GAO: Obamacare Flaw Exposed Millions to Plan Switches

A new report from the Government Accountability Office (GAO) has uncovered critical security flaws in the federal Obamacare exchange system that left millions of Americans vulnerable to unauthorized health plan switches by unscrupulous insurance agents and brokers. Consumer complaints about unauthorized enrollments and plan changes surged more than fourfold between 2023 and 2025, according to the watchdog’s findings released Monday.

The Scope of the Problem

The GAO report, formally titled “Health Insurance Marketplaces: CMS Needs Stronger Controls to Prevent Unauthorized Actions by Agents and Brokers,” documented a dramatic increase in consumer complaints, rising from 66,548 in 2023 to 299,604 in 2025 — a 350% surge. The review found that the Centers for Medicare and Medicaid Services (CMS), which operates the federal Marketplace at HealthCare.gov, lacked sufficient controls to protect consumers from unauthorized activity.

According to Fox Business, the GAO identified three critical weaknesses in CMS’s system: weak processes to ensure consumer consent for agent or broker actions, no restrictions preventing agents not associated with a consumer’s enrollment from accessing their records, and failure to inform consumers of all actions taken by agents or brokers on their accounts.

Undercover Investigation Reveals Systemic Vulnerabilities

GAO investigators filed 20 fake enrollments spanning 2024 and 2025 coverage as part of their undercover probe. Most were approved — even those submitted with counterfeit documents. Eighteen of those fraudulent plans remain in place, with federal subsidies still being sent to insurers for the fake enrollees, according to Seto J. Bagdoyan, GAO Director of Forensic Audits and Investigative Service and co-author of the report.

“The absolute bottom line is nothing has changed in terms of risk,” Bagdoyan told KFF Health News. He noted that GAO investigators encountered the same identity verification issues that had been flagged more than a decade ago. “We have documentary evidence that whatever it is they did, obviously it hasn’t worked, because we encountered the same issues as 12 years ago, having to do with identity verification.”

The investigation also uncovered that in 2024, at least 160,000 federal Marketplace applications — approximately 1.5% of all ACA applications — had likely unauthorized changes. In one striking case, a single Social Security number was used for 125 different policies in 2023.

Consumer Impact and Consequences

Unauthorized plan switches can have severe consequences for affected Americans. Consumers may be forced to change doctors, lose coverage for essential medications, and face higher out-of-pocket costs. The GAO report also warned that consumers could face unexpected tax liabilities if inaccurate income or eligibility information was used to obtain federal premium tax credits.

Many consumers do not discover the unauthorized changes until they seek medical care or receive an IRS notice during tax season, the report found. The financial harm extends beyond individuals, as taxpayers may ultimately foot the bill for subsidies paid to ineligible enrollees.

CMS Response and Recommendations

In July 2024, CMS began requiring three-way calls with consumers, the marketplace, and their agents for certain types of changes, such as plan switches. However, GAO investigators found these measures insufficient. “The three-way call is something CMS has promoted. It’s better than nothing, but as we point out in the report, it could be easy to overcome by an unscrupulous broker who starts the process from scratch. Or they could impersonate,” Bagdoyan said.

By October 2024, CMS had suspended approximately 850 insurance brokers over questions about unauthorized enrollments. However, all were eventually reinstated by May 2025. CMS told GAO it is exploring options for new controls for the 2027 open enrollment period but has not yet made final decisions.

The GAO made two formal recommendations: that CMS design and implement stronger controls to ensure consumer consent — such as one-time passcodes — and better inform consumers of agent and broker actions taken on their accounts. The Department of Health and Human Services concurred with both recommendations.

State Marketplaces Offer a Model

The report noted that three state-based Marketplaces examined — California, Georgia, and New Mexico — have implemented controls that go beyond CMS’s requirements, such as requiring one-time passcodes to verify consumer consent. Issues with unauthorized switching are not common in these state-run Marketplaces, suggesting a viable path forward for federal reform.

Political and Policy Implications

The findings arrive amid an ongoing political debate over the future of the Affordable Care Act. The Trump administration has made health care fraud enforcement a major priority, with CMS Administrator Dr. Mehmet Oz leading efforts. CMS spokesperson Catherine Howden stated that “rooting out waste, fraud, and abuse is one of Dr. Oz’s top priorities.”

Meanwhile, Congress remains divided on how to address the issue. Democrats have introduced legislation to impose criminal penalties on brokers who knowingly submit false information on ACA enrollments, but it has not been adopted. The House passed the One Big Beautiful Bill Act, which includes measures to make it harder to enroll in ACA plans, such as requiring additional eligibility verification.

What’s Next

With CMS’s timeline for implementing new controls extending to the 2027 open enrollment period, consumers remain vulnerable for at least another year. The GAO’s findings are likely to intensify pressure on both the agency and Congress to act more swiftly. As IndexBox noted in its analysis, the report underscores the urgent need for stronger safeguards to prevent bad actors from exploiting the system for financial gain at the expense of American consumers.