Login IDs of top health officials misused to approve 6,200+ fake claims in late-night cyber fraud
Lucknow: In a major blow to public health governance, a massive Rs 10 crore scam has come to light involving fraudulent medical insurance claims under the Ayushman Bharat Pradhan Mantri Jan Arogya Yojana (PMJAY) and Mukhyamantri Jan Arogya Scheme. The fraud spans across multiple private hospitals in Uttar Pradesh and was flagged during a routine audit, prompting an FIR at Hazratganj police station on Monday.
6,239 Fake Claims Approved in Three Weeks
According to the complaint filed by B.K. Srivastava, State Nodal Officer at SACHIS (State Agency for Comprehensive Health and Integrated Services), between May 1 and May 22, 2025, 6,239 high-value insurance claims from 39 private hospitals were fraudulently processed on the National Health Authority’s online portal — most of them during odd hours, such as late nights or outside standard working hours.
Login Credentials of Key Officials Misused
The FIR highlights that digital credentials of top officials — including from the Implementation Support Agency (ISA), Finance Department, and even the CEO of SACHIS — were compromised and used without authorization to bypass multi-tier verification protocols. Misused user IDs include:
- ISA Users: UP003507, UP008126, UP008171, UP008038, UP008039
- Finance/Accounts: UP001730, UP003881
- CEO-SACHIS: UP008296
These credentials were reportedly used to log in and approve fraudulent claims — actions that the original users were unaware of.
Protocols Bypassed, Claims Approved Illegally
Normally, claims are submitted post-treatment and undergo:
- Medical auditing by ISA
- Financial verification by SACHIS
- Final approval by CEO
In this case, all protocols were sidestepped. Claims were digitally signed and pushed through the system using compromised accounts — some of which were inactive or not in use at the time.
Insider Collusion or Sophisticated Cyber Breach?
ACP Vikas Jaiswal confirmed to TOI that time stamps showed unusual login activity, indicating deliberate tampering. Investigators suspect either an internal conspiracy or a cyber breach, possibly involving advanced digital manipulation.
ISA officials have distanced themselves from the scam, asserting that none of the flagged claims followed their official workflow.
Hospitals Under Scrutiny
The audit further revealed that many hospitals:
- Did not qualify under the scheme.
- Inflated treatment data.
- Were overpaid disproportionately based on false inputs.
Some ₹22 crore worth of claim approvals originated from a finance manager’s login, although that officer had not used the account during the approval window.
Further Action Underway
- Forensic audits and a wider internal investigation have been launched.
- The true scale of the scam is feared to be much higher than ₹10 crore.
- All implicated hospitals and personnel are being examined.
Authorities are working to trace digital fingerprints, verify patient records, and block further payments to the implicated parties.
