COVID-19 Fraud: Five Years In, Five More to Go
The CARES Act: A Lifeline—and a Loophole
The CARES Act was designed to prevent economic collapse during the pandemic lockdowns. Through programs like the Paycheck Protection Program (PPP) and the Economic Injury Disaster Loan (EIDL), Congress authorized over $1 trillion in loans and grants to more than 10 million small businesses between 2020 and 2022. But the speed and scale of the rollout created vulnerabilities that fraudsters were quick to exploit.
In its March 2025 report, the Government Accountability Office (GAO) noted that the Small Business Administration (SBA) had not developed adequate risk mitigation plans for the PPP as of June 2020. By May 2023, the GAO concluded that while the SBA acted swiftly under extraordinary circumstances, some relief funds inevitably fell into the wrong hands.
PPP Fraud: From Low-Level to High-Dollar
Directly flowing from the vulnerabilities associated with the various CARES Act programs, the Department of Justice (DOJ) announced in a June 2025 press release that it charged over 200 individuals and entities, and seized over $78 million, in connection with PPP COVID-19 relief fraud..
In February 2025, Colin Huntley, Deputy Director of the DOJ Civil Fraud Division’s Fraud Section noted that the Department is currently pursuing over 700 cases involving pandemic-era programs. Huntley emphasized that while many of the smaller, low-level fraud cases have been resolved, the current wave of investigations is targeting larger, more complex schemes—often involving layered ownership structures and sophisticated concealment tactics.
Beyond PPP: EIDL, RRF, and PRF Under Scrutiny
While the PPP has garnered the most attention, it is not the only program under the microscope:
– Economic Injury Disaster Loan (EIDL): The SBA disbursed billions through this program, and it too has been plagued by fraudulent applications. DOJ has brought numerous cases involving fake businesses, identity theft, and misuse of funds.
– Restaurant Revitalization Fund (RRF): The RRF has seen significant abuses amongst the 101,000 awards, which totaled $28.6 billion. Notable fraud schemes involved cases where applicants were ineligible due to their size or business structure, inflated revenue losses, or created shell entities to secure funds.
– Provider Relief Fund (PRF):Administered by the Department of Health and Human Services (HHS), the PRF was intended to support healthcare providers during the pandemic. In June 2025, HHS OIG released an audit report that found 11 of 30 hospitals reviewed had misused or misreported over $700 million in funds.
Largest Healthcare Fraud Takedown in History
In June 2025, DOJ and HHS-OIG announced the largest healthcare fraud takedown in history with 324 defendants across 50 federal districts and amounting to $14.6 billion in fraud. A significant portion of those cases involved COVID-19 related fraud, including fraudulent billing for lab testing.
Reforms and the Road Ahead
In response to the widespread fraud, the SBA has implemented several reforms including: (1) citizenship and age verification, (2) automatic fraud alerts that flag suspicious applications based on inconsistencies and anomalies, and (3) enhanced oversight mechanisms including new agency-wide audits.
Meanwhile, False Claims Act (FCA) settlements for pandemic-related fraud surpassed $250 million in 2024, and criminal restitution orders now exceed $1.1 billion—though actual recoveries remain uncertain due to bankruptcies and asset concealment.
A Pivotal Moment for Enforcement and Compliance
The pandemic may be behind us, but the legal reckoning is far from over. With billions still unaccounted for and a renewed focus on high-dollar fraud, the next five years will be critical as the 10 year statute of limitations for crimes committed under the CARES Act expires. Thus, for whistleblowers and their attorneys, this is a pivotal moment to engage with the government’s efforts—not just to recover lost funds, but to help build a more resilient system for the future.
This piece was written by Clark Bolton, a Whistleblower Attorney for Morgan and Morgan’s Complex Litigation Group.
