top of page
Search

California Facing Federal Fraud Claims Flunks Cybersecurity Audit

AENN


Mar 28, 2026

With already suspected of over $90 billion of federal spending fraud, California’s Health and Human Services Agency just flunked its annual Cybersecurity audit regarding $136.6 billion in federal healthcare funding this year. [below]



Mountain Top Times' Substack is a reader-supported publication. To receive new posts subscribe below. To support Chriss Street’s work, consider becoming paid subscriber.

Vice President Vance as Chairman of the U.S. Task Force on Eliminating Fraud, announced at his first meeting regarding California he is teaming with the Centers for Medicare & Medicaid Services (CMS) to use Artificial Intelligence (AI) to flag and suspend payments to 70 Los Angeles hospice and home health providers suspected for “high risk of fraud.”

Vance explicitly emphasized that as the task force to root out waste, fraud and abuse ramps up its work, he expects the potential number of fraudulent California hospice and home health providers to grow exponentially. “This is not just theft of the American people’s money. This is also theft of critical services that the American people rely on.”


CMS administrator Dr. Mehmet Oz has estimated that federal healthcare spending fraud exceeds “$100 billion” per year. He highlighted that 30% of hospice services “in the entire country” occur in Southern California.


U.S. House Committee on Oversight and Accountability launched an investigation in January into alleged widespread healthcare spending fraud in California.


Chairman James Comer, R-Ky. Reported last year that lawmakers suspect annual Minnesota health and human services fraud of $9-18 billion. But he warned on Tuesday that “You could multiply what we found in Minnesota probably by 10 in California. That’s how bad it is.”

The Biden administration provided California with over $600 billion in federal pandemic stimulus funds, with roughly 40% going to, or passing through, state government.

To protect taxpayers, Office of Inspectors General (OIG) perform annual independent evaluation of their agency’s information security programs and practices to determine the effectiveness of those programs and practices.


OIG engaged Ernst & Young LLP (E&Y) to annually audit California’s Health and Human Services Agency for fraud under the ‘Compliance With the Federal Information Security Modernization Act of 2014.’ For California to be rated “Effective” under federal law, the state must achieve at least a “Managed and Measurable” maturity level for the six (6) function areas: Govern, Identify, Protect, Detect, Respond, and Recover.”


Under the U.S. Office of Management & Budget, the maturity level scoring methodology each federal grant recipient is divided into calculated scores for core and supplemental metrics. Level 1 (Ad hoc) is the lowest maturity level and Level 5 (Optimized) is the highest maturity level.


E&Y just published its FY 2025 audit results that rated California’s Health & Human Services information security program for all six categories as “Not Effective” for the sixth consecutive year.” California under all Cybersecurity metrics was also rated Level 1 “Ad Hoc.” According to the audit:


“In FY 2025, HHS did not achieve a “Managed and Measurable” rating for either the Core or Supplemental Inspector General metrics in any of the six cybersecurity function areas: Govern, Identify, Protect, Detect, Respond, and Recover. Specifically, the overall maturity level for Core metrics was assessed as “Consistently Implemented,” while the Supplemental metrics were rated “Ad Hoc.” Together, these ratings fall below the “Managed and Measurable” level, resulting in an overall determination of “Not Effective.”” [below]





The State of California, despite E&Y’s devastating findings and multiple federal investigations regarding hundreds of billions of federal spending fraud, issued a formal audit response that amounted to business as usual:


“As requested, our office has reviewed the aforementioned report and has attached written comments regarding the validity of facts, actions taken, and planned actions, based on your recommendations. We look forward to continuing our collaboration efforts to enhance information technology security and further implement safeguards and practices that protect HHS data and the health information of the American public.”


Mountain Top Times' Substack is a reader-supported publication. Please consider supporting Chriss Street’s work by becoming a paid subscriber.


Recommend Mountain Top Times' Substack to your readers

MTT would like to offer fair and honest reporting with solutions and facts.

Comments

bottom of page