A new bombshell report from the Government Accountability Office (GAO) details a long-running vulnerability in the Affordable Care Act exchanges, showing that weak verification controls continue to expose federal subsidies to significant fraud and abuse. 

“Preliminary results from GAO's ongoing covert testing suggest fraud risks in the advance premium tax credit (APTC) persist,” the report reads. “The federal Marketplace approved coverage for nearly all of GAO's fictitious applicants in plan years 2024 and 2025, generally consistent with similar GAO testing in plan years 2014 through 2016.”

According to the report, GAO conducted undercover tests by creating fictitious applicants with fake identities and fraudulent or never-issued Social Security numbers to see how the federal Marketplace would respond. Over the past two years, 90% of those fake applicants were approved for subsidized coverage despite lacking required documentation. In plan year 2024, all four of GAO’s fabricated applicants were approved and received about $2,350 per month in subsidies paid to insurers, even though they failed to provide proof of Social Security numbers, citizenship, or income. GAO scaled up the test for 2025 to 20 fake applicants; 18 were still enrolled as of September 2025, generating more than $10,000 per month in subsidies

More broadly, GAO's preliminary analyses identified vulnerabilities related to potential SSN misuse and likely unauthorized enrollment changes in federal Marketplace data for plan years 2023 and 2024. Such issues can contribute to APTC that is not reconciled through enrollees' tax filings to determine the amount of premium tax credit for which enrollees were ultimately eligible. GAO's preliminary analysis of data from tax year 2023 could not identify evidence of reconciliation for over $21 billion in APTC for enrollees who provided SSNs to the federal Marketplace for plan year 2023. Unreconciled APTC may not necessarily represent overpayments, as enrollees who did not reconcile may have been eligible for the subsidy. However, it may include overpayments for enrollees who were not eligible for APTC.

A big problem with reconciling these Obamacare subsidies is when someone uses a Social Security number that doesn’t actually belong to the person getting the insurance. GAO’s early look at federal Marketplace data found more than 29,000 Social Security numbers in 2023 that showed over a full year of subsidized coverage. One number was used so many times that it totaled more than 26,000 days of insurance across more than 125 plans - the equivalent of more than 71 years of coverage tied to a single number.

The pattern continued in 2024, with nearly 66,000 Social Security numbers being linked to more than a year of subsidized coverage. This can result from identity theft, fake identities, or simple typing errors. According to the GAO, determining the true owner of a Social Security number can be complicated, so it’s examining these cases and other examples of overlapping coverage more closely.

CMS officials say the federal Marketplace lets people sign up even when a Social Security number is already in use. They claim this helps the real owner of the number get coverage in cases of identity theft or simple typing mistakes. The system uses a model that analyzes various pieces of personal information to distinguish applicants, and CMS runs this check monthly to clear out duplicate accounts. They also say applications with repeated Social Security numbers are supposed to go through a data-matching process in which people send in documents to verify their identities. However, even with those explanations, the setup makes it far too easy for fake applicants to slip through, and clearly, they do. The way the system works gives fraudsters plenty of room to abuse Social Security numbers long before anyone notices.

GAO notes that its “covert testing is illustrative and cannot be generalized to the enrollee population.”

This report lands in the middle of an active policy fight on Capitol Hill over whether to extend enhanced Obamacare subsidies, giving Republicans fresh evidence for their arguments about the program’s structural problem, validating their long-standing criticisms of Obamacare. House Ways and Means Chair Jason Smith (R-Mo.) called the report a “smoking gun” showing how a flawed system, protected by Democrat policies, has pushed tens of billions of taxpayer dollars to insurers through identity fraud. 

Energy and Commerce Chair Brett Guthrie (R-KY) argued that Democrats’ temporary expansion of subsidies worsened fraud, harmed patients, and hid deeper affordability problems. “Republicans have sounded the alarm on the flawed structural integrity of Obamacare and how Democrats’ failed policies to temporarily prop up the program have exacerbated fraud, hurt patients, increased the burden on American taxpayers, and artificially masked the true health care affordability crisis plaguing Americans today,” Guthrie said. “The concerning findings from GAO’s report further confirm that Republican efforts to strengthen, secure, and sustain our federal health programs are critical and necessary to ensure access to quality health care at prices Americans can afford.”