Federal Reports

New York based health care providers Muhammad Mirza, a medical doctor, and Punson Figueroa, an acupuncturist, were excluded June 19, 2025, from participating in federal health care programs by the Health and Human Services Office of Inspector General (HHS OIG). The two providers previously pleaded guilty for their participation in an Amtrak-OIG investigated health care fraud conspiracy in which they conspired with dozens of Amtrak employees to use the employees’ health insurance information to file fraudulent claims. In exchange, the two providers paid cash kickbacks to the employees.

Mirza was sentenced on May 10, 2024, to 26 months in prison and ordered to pay restitution of $1.37 million, and Figueroa was sentenced on September 26, 2024, to 34 months in prison and ordered to pay restitution of $9.05 million. Both Mirza and Figueroa were excluded from participating in federal health care programs for 25 and 30 years, respectively.

The U.S. AbilityOne Commission (AbilityOne) Office of Inspector General (OIG) conducted an investigation of employee conduct in response to a complaint received.

Agency program officials, chief information officers, and inspectors general must annually review information security programs and report to the Department of Homeland Security and Congress on agency compliance with the Federal Information Security Modernization Act (FISMA). The OIG contracted with an independent public accounting firm, CliftonLarsonAllen LLP (CLA), to evaluate VA’s information security program for FY 2024. After assessing 49 major applications and general support systems hosted at 23 VA facilities and on the VA Enterprise Cloud, CLA concluded that VA continues to face significant challenges meeting FISMA requirements because of the nature and maturity of its information security program.

The audit found continuing deficiencies related to access controls, configuration management controls, security management controls, and service continuity practices designed to protect mission-critical systems from unauthorized access, alteration, or destruction. These deficiencies can be remedied by addressing security-related issues that contributed to the information technology material weakness reported in the FY 2024 audit of VA’s consolidated financial statements; improving the deployment of security patches, system upgrades, and system configurations; improving performance monitoring to ensure controls operate as intended; and communicating identified security deficiencies to appropriate personnel.

Of CLA’s 23 recommendations, VA concurred with 12 and did not concur with 11. Some of the 23 recommendations addressed repeat deficiencies from previous FISMA reports spanning multiple years. CLA will follow up on the outstanding recommendations and evaluate the adequacy of corrective actions in the FY 2025 audit of VA’s information security program.

To learn how communities across the nation responded to the pandemic, we initiated a multi-part review of six communities—two cities, two rural counties, and two Tribal reservations. This report is the sixth community-specific report and focuses on our work in Jicarilla Apache Nation Reservation in New Mexico, where we previously identified that recipients, including city government, small businesses, and individuals, received almost $80 million from 42 pandemic relief programs and subprograms. This report provides a closer look at ten pandemic programs and subprograms provided to Jicarilla Apache Nation Reservation by six federal departments.