How employees steal from a dental practice.

This post examines the schemes employees use to steal from dental practices. These methods are not unique to dentistry, the same patterns appear in businesses and professions of every kind.

Since 2004, I have investigated hundreds of embezzlement cases, and the evidence consistently points to the same handful of schemes. None of what follows is a trade secret. Every scheme described here has been documented in court records, news reports, and publicly available resources.

Visit this link to read hundreds of news articles about dental embezzlers and the schemes they used -> Find an Embezzler

BUT FIRST, LET’S BUST SOME DENTAL EMBEZZLEMENT MYTHS

“PREVENTION IS NEARLY IMPOSSIBLE”
“THERE ARE Over 300 ways to steal”

An excerpt from “Recognizing the Signs of Embezzlement” by David Harris

Yet the safeguards many dentists rely on may provide a false sense of security, according to Harris. Most practice management software programs come with defenses designed to prevent embezzlement, but Harris believes prevention is nearly impossible, so these defenses usually fall short.

“Ultimately, the safeguards built into these systems aren’t terribly effective, because a thief has lots of options,” he says. “We’ve catalogued over 300 ways to steal, and we’re not done!”

David Harris, CDA Essentials Vol 2 #8:
https://www.cda-adc.ca/en/services/essentials/2015/issue8/#27/z
Download PDF

“300 WAYS TO STEAL” IS A MYTH.

CLICK HERE TO FIND OUT WHY “300 WAYS TO STEAL” IS A MISLEADING MYTH.

Fraud methods are not discrete items, they are variations of the same handful of root causes.

Fraud methods are not a collection of discrete, independent techniques, they are variations on a small number of root causes. In any business environment, theft flows through a limited set of mechanisms. Dental embezzlers are no different.

The core schemes are:

• Skimming and Cash Larceny
• Fraudulent Disbursements
• Check Tampering
• Billing Schemes
• Payroll Fraud

Everything else is a variation or sub-technique of one of these categories. Labeling every permutation a “new way to steal” is like claiming there are 300 ways to run a red light simply because it can be done in 300 different cars.

Fraud typologies are counted by category, not by imaginative variation.

The number is unmeasurable and unverifiable. Any legitimate statistic must be countable, repeatable, and independently verifiable.

“300 ways to steal” meets none of these tests. No industry body, academic institution, insurer, regulator, or forensic standard has ever recognized such a figure. It has never been published, peer-reviewed, or bench-marked.

It is a marketing claim dressed up as expertise. When someone says they have “catalogued 300 ways,” the first question should be: according to what taxonomy? What methodology? What peer review? There is no answer, because the number is rhetorical, not empirical.

A legitimate statistic must be:

• countable
• repeatable
• independently verifiable

“300 ways to steal” meets none of these criteria.

There is no industry body, academic institution, insurer, regulator, or forensic standard that recognizes such a number. It is not published, peer‑reviewed, or bench-marked. It is simply a marketing claim dressed as expertise.

When someone says, “We’ve catalogued 300 ways,” the immediate question should be:

According to what taxonomy? What methodology? What peer review?

There is no answer, because the number is rhetorical, not empirical.

If the logic were sound, every industry would use it — and none do. Banks, pharmacies, law firms, and hospitals all face insider-risk environments. None of them claim “hundreds of ways to steal,” because professionals in those fields understand that fraud methods cluster tightly, that strong controls can eliminate entire clusters at once, and that counting permutations adds nothing useful. If dentistry truly had 300 unique, irreducible theft methods, it would be the most fraud-complex industry in North America. It isn’t.

Banks, pharmacies, law firms, and hospitals all face insider‑risk environments. None of them claim “hundreds of ways to steal” because professionals in those fields understand that:

• fraud methods cluster tightly
• controls eliminate entire clusters at once
• counting permutations is meaningless

If the dental sector truly had 300 unique, irreducible theft methods, it would be the most fraud‑complex industry in North America. It isn’t.

The claim contradicts how internal controls actually work. Effective controls do not need to block 300 hypothetical schemes. They need to eliminate the conditions that make theft possible in the first place: unrestricted access to funds, absence of oversight, no reconciliation process, no audit trail, and a single employee controlling the entire revenue cycle. When those conditions are corrected, the “300 ways” collapse into a handful of blocked pathways. The number is irrelevant — because it is the vulnerabilities, not the thief’s creativity, that determine the risk.

The claim is designed to sell fear, not solve problems. “300 ways to steal” is not a forensic insight — it is a sales tactic. Inflate the threat, declare prevention impossible, and present yourself as the only expert who can navigate the chaos. Informed readers will recognize this pattern immediately. It is the same rhetorical move used throughout cybersecurity marketing: exaggerate complexity to make the audience feel helpless, then offer yourself as the solution.

Busting Other DENTAL Embezzlement Myths

A common myth holds that employees can only steal cash — a belief rooted in the false assumption that checks, credit cards, and electronic payments are somehow “safe harbors.” The reality is that dishonest employees can exploit any form of payment the practice accepts.

See a Typo or an Error? Report it.

The most common payment theft methods include:

• stealing insurance payments (checks, virtual credit cards)
• stealing patient payments (cash, checks, credit cards)
• unauthorized credit/debit card refunds (to their own card)
• submitting fraudulent dental claims and stealing the payments
• issuing phony refunds to patients and insurance
• payroll padding – phantom employees
• credit card abuse
• check fraud

Beyond payments, employees have also stolen:

• stealing rebates
• stealing dental supplies and then selling them online
• NO2 tank depletion (filling balloons with nitrous after hours)
• prescriptions / medications (anxiolytics, opiates)
• fraudulent Amazon orders – Click here Read More
• Stealing gift cards intended as incentives for patients – the office manager ordered $30K in gift cards in one year. She kept $25K of the gift cards for herself and gave $5K to patients.
• stealing office equipment
• stealing from other employees and patients

Some dishonest employees continued stealing after leaving the practice.

• In one case, a former employee continued receiving employer-paid health benefits for a full year after her theft was first suspected; a cost the practice absorbed unknowingly.
• In another, an employee set up automated ACH withdrawals of more than $600 per month, beginning six months after she had left the practice. By the time the owner noticed the unauthorized transactions, the bank refused to reimburse amounts older than 30 days.
• In a third case, an orthodontic office manager quietly collected dozens of post-dated checks for monthly patient payment plans before abruptly resigning. Three months later, she began cashing them. The practice only learned of it when a patient called to complain that three of her monthly checks had been cashed simultaneously.

How to steal from Patients and Insurance Companies

When a dishonest employee decides to steal a payment, they often use one or more of these methods to conceal their theft .

Deleting Transactions

Cash is the simplest target — easy to pocket, easy to conceal — and most dishonest employees will steal it at some point. (Side note: the proportion of revenue collected in cash varies considerably by practice. Some offices receive less than 1% of their total revenue in cash; others as much as 70%. For most general dental practices, the figure falls between 2% and 6%.)

Here is an illustration of a typical cash scheme:

• the patient has finished treatment and is at the front desk.
• the employee informs the patient there is a balance owing
• the patient makes a cash payment and the employee records the payment in the dental software
• the employee prints a receipt and hands it to the patient
• the patient leaves

Once the patient has left, the employee deletes the cash payment from the software and pockets the money. To make the patient’s account appear balanced — and to conceal the missing payment — the employee typically takes one of three steps: deletes the original treatment charge, applies an unauthorized adjustment to offset it, or back-dates the payment to a previous day.

To conceal this theft, and to make the patient’s account appear in balance, the employee will do one of these things:

1. delete the underlying treatment charge, or
2. apply an unauthorized adjustment to offset the treatment charge, or
3. back-date the original payment

looking for DELETED AND BACKDATED transactions

Your practice management software includes an audit log that can identify deleted payments, removed treatment entries, and back-dated records. Most dentists find these reports difficult to interpret at first — and that is entirely understandable. Reading an audit trail accurately takes time, practice, and familiarity with the specific events your software records.

Why is an Audit Trail so important?

The audit trail is one of the most valuable tools available for detecting billing discrepancies and fraudulent activity. It records modifications, deletions, and date changes to patient and financial data — including changes to appointments and provider allocations. In essence, it helps distinguish between an honest clerical error, negligence, and deliberate fraud. When you notice a deleted or back-dated payment, start by asking whether there is a reasonable explanation. I strongly advise against confronting the employee directly at this stage as doing so can complicate any subsequent investigation.

When you see a deleted or backdated payment, begin by asking yourself if there may be a reasonable explanation. I do not recommend confronting the employee to look for answers, that may worsen the situation.

If you need help, most dental software companies offer online videos and manuals to help you better understand what is in the audit log.

If you have questions about your audit trail, feel free to drop me a line.

spot check for phantom adjustments

Dishonest employees can post fictitious “phantom” adjustments to patient ledgers to create the appearance of a balanced account, essentially substituting a fraudulent credit entry for the actual payment they have stolen. To avoid detection, they typically select an adjustment code that is already used frequently in the practice. In a PPO practice, for example, write-offs for non-covered services are routine. Codes like “Insurance Adjustment” or “Insurance Write-off” may appear hundreds of times across patient ledgers over the course of a year. That volume of legitimate entries makes a single fraudulent one much harder to spot.

Credit adjustments such as “Professional Courtesy” or “Seniors Discount” may be used less frequently by a dishonest employee since it may draw unwanted attention from the owner. (i.e.: a seniors discount applied to a Gen-Y (millennial) patient account will stand out)

writing OFF OLD UNPAID BALANCES

Fraud experts consistently find that the more authority an employee holds, the greater the potential for damage. For this reason, employees should never have unilateral authority to write off unpaid accounts. The practice should have a written policy requiring that all write-offs be reviewed and approved by the practice owner — ideally on a monthly basis. Without that control, what stops a dishonest employee from pocketing a long-overdue payment from a patient they know will never return?

Take the case of Kyle.

Kyle owed the practice $800 for well over a year. The office manager has sent monthly statements, with no success.

Then, one day, “out of the blue” Kyle walks into the practice to pay his bill. Kyle apologizes for being so late with his payment and tells the office manager he has been out of work for a long time and is relocating for a new job out-of-state.

Kyle pays his bill by credit card and leaves. The office manager knows that Kyle will not be returning to the practice, so she deletes the credit card payment from Kyle’s ledger, and replaces it with a write-off. Then, she refunds $800 to her own credit card.

At day end, everything appears in balance and the office manager feels confident that the practice owner will never question the write-off on an old unpaid account.

Back-dating is one of the oldest schemes AND still used today.

Here’s how backdating works:

As an illustration, a patient’s ledger shows there was a visit and charge entered on on March 1, and the patient paid the account balance in full on March 20.

Looks legit – or is it?

With backdating, this is what really happened.

The patient was charged on March 1 but paid the account on March 26. (the patient did pay on March 20 as the ledger shows)

The dishonest employee back-dated the patient payment for March 26 to make it appear as though it was paid six days earlier on March 20.

The employee pocketed the payment and because of backdating, the payment did not not show up on the normal day end report for March 26.

See a Typo or an Error? Report it.

Cash payments are usually stolen on the same or next day.

Cash payments are almost always made at the front desk as the patient is leaving — meaning the payment should be recorded within minutes of the appointment ending. If your audit log shows cash entries posted hours after an appointment concluded, that timing gap may indicate “cash holding”, a scheme in which an employee withholds collected cash during the day and later decides how much to keep without it appearing on the end-of-day report.

SUBMITTING FALSE insurance CLAIMS.

Dishonest employees can also steal directly from insurance companies. In one common scheme, the employee fabricates a dental claim for treatment that was never provided and submits it to the insurer for reimbursement. When the insurance cheque arrives, the employee converts it to cash using one of two methods: they deposit the cheque into the practice’s account and later remove an equivalent amount of cash (a substitution scheme), or they deposit it directly into their own account (depositor forgery). Despite the cheque being made payable to the dentist, ATM deposits make this surprisingly easy to execute.

Sometimes, an employee will collude with a patient (most likely a friend or family member) to steal from the insurance company. The employee sends in fraudulent claims and the insurance checks are mailed to the patient. The patient cashes the check and then shares the proceeds with the employee.

“One of my first cases involved collusion between an employee and a patient. The employee submitted fake claims for the patient’s family and the checks were mailed to the patient . The insurance company paid $43,000 to the patient for work that was never done. The employee cashed the checks and split the money with the employee.”
William Hiltz

Stealing insurance CHECKS

Dishonest employees can also steal insurance checks for work that was actually done and deposit the checks into their own account.

Many practice owners find this hard to believe, yet I see this all the time. Want to see how easy it is to steal insurance checks?

Watch the video of Arica Cameron who stole $600,000 in insurance checks and deposited them into her Wells Fargo account.

DEPOSIT TAMPERING

In every dental office, someone must physically take the cash and checks* to the bank. This person will have an opportunity to take a portion of the money before it is deposited into the dentist’s account.

*practices that use check scanners for remote deposit make fewer trips.

Separation of function will reduce the risk of deposit tampering. In this example, someone is assigned to prepare the bank deposit slip for the bank and a different employee is assigned to make the physical deposit. The employee who made the deposit keeps a copy of the slip which is matched to a receipted deposit slip issued by the bank when the deposit is made.

Separation of function is designed to prevent deposit tampering but thefts still occur because the process is not adhered to.

In many dental offices, a single person oversees preparing the deposit slips, making the deposit, and reconciling the bank statement. That person can steal money and conceal it by falsifying the deposit slips.

To illustrate, if a dentist was paid $1,000, and the employee filled out a deposit slip for $500 and stole the other $500. The employee also made corresponding bogus entries to understate the day’s receipts.

Again, the embezzler’s goal is to create a false sense that everything is in balance.

The best way to deter this kind of fraud is to separate the functions of preparing the deposit and making the deposit.

Stealing from the dentist’s deposit will be difficult to conceal for a long time if separation of function exists.

Deposit tampering can be successful for a long time when a practice owner has no interest in the business side of the practice and trusts one employee to look after all things.

MYTH: “safeguards are not effective”

Red flags can be significant in uncovering financial misconduct.

A staggering 85% of embezzlement cases involved at least one of the Top Six embezzlement red flags.

CLICK ON THE IMAGE TO TAKE THE ASSESSMENT

---

If you have questions, or need help, do not hesitate contact me for assistance.

---

Report an Error or Typo.

If you see an error or spot a typo, please let me know.

Send your comments directly to Bill Hiltz using the form below.