Adelaide receptionist defrauds $1 million from Medicare

Publisher
News.com.au
Date published
May 2026

Relevant impacts:  Human Impact, Financial Impact

An Adelaide receptionist, Ms Lauren Tozer, has been sentenced to more than 4 years in jail after pleading guilty to defrauding Medicare of $1 million.

Ms Tozer, who worked as a receptionist for an Adelaide gynaecologist, filed numerous false claims over 4 years for medical services that she did not need. She filed these false claims over 2 separate periods. The first lasted for 3 years between September 2020 and December 2023 and involved 538 false claims, filed using her employer's computer systems. This ended after the Department of Health and Aged Care sent her a letter informing her of an investigation into these claims. Over June 2024, Ms Tozer then filed 6 more false claims, before she was arrested and charged.

This case provides an example of behaviour aligned with the 'reckless' fraudster persona. As noted by the sentencing judge, Ms Tozer spent much of the defrauded money on "fast food, entertainment, gambling, accommodation and travel". In June 2024, Ms Tozer submitted 6 additional claims despite being aware that she was under active investigation. The case also highlights the potential consequences associated with this type of conduct for both the individual involved and those affected.

Access the source

Related fraudster personas

The Reckless

The Reckless acts without care, responsibility or regard to the consequences of their actions by disregarding requirements, procedures, warnings or directions to gain personal benefits.
ICON 026: Reckless persona

The Concealer

The Concealer hides their actions from being seen or known about to dishonestly gain personal benefits.
ICON 032: Concealer persona

The Exploiter

The Exploiter uses something for a wrongful purpose to dishonestly gain personal benefits.
ICON 031: Exploiter persona

Related countermeasures

Staff and contractor rotation

Rotate staff and contractors in and out of roles to avoid familiarity. Staff and contractors can become too familiar with processes, customers or vendors, which can lead to insider threats.

User permissions in systems

Limit and control functionality within systems with user permissions. Assign permissions to users based on specific business needs, such as making high-risk functions limited to specialised users. The Protective Security Policy Framework sets out the government protective security policies that support this countermeasure.

Clear and specific eligibility requirements

Clear eligibility requirements and only approve requests or claims that meet the criteria. This can include internal requests for staff access to systems or information.

Authenticate identity

Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.

Approval workflows

Use system workflows to make sure all requests, claims or activities are approved only by the appropriate decision-maker.

Privileged access restrictions and monitoring

Limit and monitor privileged system accesses (those that allow staff, contractors and providers to perform special functions or override system and application controls). The Protective Security Policy Framework outlines the government protective security requirements to safeguard information from cyber threats, including to restrict administrative privileges.

Incident reporting

Report on incidents or breaches to help identify if further investigation is required. Clients, public officials or contractors can take advantage of a lack of reporting and transparency to commit fraud, act corruptly and avoid exposure.

Activity reporting

Prepare summary reports on activities for clients, managers or responsible staff.

Investigate fraud

 Investigate fraud in line with the Australian Government Investigation Standards (AGIS).

Submit a case study

We'd like to hear from you if you have a case study to share.

Submit your case study