In a significant breach of India’s flagship healthcare initiative, authorities in Uttar Pradesh and Punjab have busted a fake Ayushman Bharat card racket, recovering over 300 counterfeit IDs generated fraudulently.
The investigation, led by officials from the State Agencies for Comprehensive Health and Integrated Services (SACHIS), revealed that cybercriminals forged the identities of government health officials to gain unauthorised access to the Ayushman Bharat-Pradhan Mantri Jan Arogya Yojana (AB-PMJAY) portal.
The AB-PMJAY, often described as the world’s largest public health insurance scheme, provides Rs 5 lakh annual coverage per family for secondary and tertiary medical care.
According to reports, the scam was uncovered during the Diwali holidays, when the perpetrators exploited verification loopholes in the system. By generating fake credentials of SACHIS officials, they managed to log into the official Ayushman Bharat portal and issue counterfeit health cards.
The fraudsters primarily targeted Bareilly and Shahjahanpur districts in Uttar Pradesh, and Jalandhar in Punjab, where unsuspecting residents were issued fake health cards that appeared authentic in every way.
Investigations revealed that the criminals manipulated mobile numbers linked to the accounts of genuine SACHIS officers. They matched these with Aadhaar-linked numbers of beneficiaries and altered official records on the system.
This tactic effectively blocked the real officials from receiving one-time passwords (OTPs) required for verification, allowing the culprits to bypass the security layer and approve fake Ayushman cards without detection.
The breach came to light when officials noticed irregular login patterns and a surge in card generation activities during non-working hours. Following this, SACHIS authorities immediately initiated a digital audit and identified over 300 fraudulent entries.
The forged IDs were deactivated, and the corresponding fake Ayushman and Aadhaar cards were cancelled. State Nodal Officer Sachin Vaishya swiftly lodged an FIR at Lucknow’s Hazratganj police station, leading to the registration of a formal investigation into the scam.
Officials from the State Health Department have confirmed that a dedicated cyber forensic team is tracing the IP addresses and devices used for the unauthorised logins.
Authorities are now probing the possibility of insider involvement, as the scam required access to official credentials and verification mechanisms.
A senior official from the Health Department told reporters that the pattern of manipulation suggested “knowledge of the internal process and portal structure,” raising concerns about possible collusion with SACHIS employees or contracted technical staff.
To prevent future breaches, the government has ordered a comprehensive audit of all Ayushman card issuances made in the past six months, especially in districts where anomalies were found.
The Ayushman Bharat-PMJAY scheme, launched in September 2018, aims to ensure that no family in India faces financial hardship due to medical expenses. It has issued over 42 crore Ayushman cards and facilitated cashless treatments across 33,000 empanelled hospitals nationwide.
However, the latest scam has raised serious questions about digital verification systems and the potential misuse of welfare databases.
An official from the National Health Authority (NHA) stated that “such incidents, while rare, highlight the urgent need for tighter data encryption, real-time OTP validation, and periodic access audits.”
Following the exposure of the racket, both Uttar Pradesh and Punjab governments have directed their district health agencies to verify every new Ayushman card generated after May 2025.
The Union Health Ministry has also ordered an internal audit of SACHIS’s digital infrastructure and initiated discussions on introducing biometric verification for all card issuances.
Officials are also working on deploying AI-based fraud detection systems under the Ayushman Bharat Digital Mission (ABDM) to automatically flag suspicious activities such as multiple logins, irregular working-hour approvals, and mismatched Aadhaar data.
Despite the setback, officials emphasised that the core architecture of Ayushman Bharat remains secure, and no beneficiary data has been leaked.
The National Health Authority has assured that the affected districts are under review, and beneficiaries holding legitimate cards will continue to receive uninterrupted healthcare benefits.
The government has also urged the public to verify their Ayushman Bharat cards only through official channels, such as the Ayushman Bharat website or the NHA’s mobile app, to prevent falling victim to fraudulent intermediaries.
As the investigation continues, the government’s focus remains clear to protect beneficiaries, restore public trust, and ensure that every Ayushman card issued genuinely represents the promise of affordable healthcare for all.
Comments