Hospital Staff Fake Claims Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 30, 2026

Severity: HIGH | View Full Scam Details

Hospital Staff Fake Claims Scam 2026: How Indian Patients Are Targeted Through Ayushman Bharat Insider Fraud

In 2026, a growing cybercrime pattern in India involves hospital staff abusing Ayushman Bharat scheme data to scam vulnerable patients and steal their identities.

What Is the Hospital Staff Fake Claims Scam?

The Hospital Staff Fake Claims Scam is a serious type of fraud reported increasingly in Indian hospitals participating in the Ayushman Bharat Pradhan Mantri Jan Arogya Yojana (PM-JAY). This government healthcare initiative provides free or subsidized medical treatment to millions of Indians, especially from economically weaker sections. Unfortunately, some hospital employees allegedly exploit their access to sensitive patient data to carry out fraudulent claims under the scheme.

Targeting patients who are undergoing or have recently undergone treatment, these insiders reportedly approach them on WhatsApp or in person, posing as well-intentioned helpers who can ease their claim approval. They coax patients into sharing personal details like Aadhaar numbers, mobile numbers, and other ID documents. Using this information, fraudsters then submit fake claims to the Ayushman Bharat scheme, diverting medical funds and sometimes applying for fraudulent loans using stolen identities.

Public complaints and cybercrime reports show this scam is strongly affecting rural and semi-urban India, where digital literacy and awareness about data privacy remain low. While exact numbers are hard to confirm, the Indian government’s cybercrime cells and CERT-In have noted an uptick in such insider data misuse cases tied to hospital systems. The Reserve Bank of India (RBI) and the Ministry of Electronics & IT reinforce guidelines to safeguard personal digital health data, but the complexity of insider fraud continues to pose challenges.

How This Scam Works — Step by Step

1. Identification of victims: Hospital staff who have access to patient admission records identify individuals eligible for Ayushman Bharat benefits, often those undergoing costly treatments.
2. Initial contact: These insiders contact patients directly, typically through WhatsApp messages or face-to-face conversations, claiming to assist with faster claim approval or loan facilitation related to their treatment.
3. Information collection: Under the guise of support, the accused requests sensitive data including Aadhaar card scans, mobile numbers, UPI IDs, and sometimes OTPs (One-Time Passwords), claiming these are necessary formalities.
4. Data misuse: Using the stolen data, fraudsters submit fake Ayushman Bharat claims on behalf of the patients. This siphons government funds meant for medical care.
5. Loan app exploitation: In some cases, fraudsters use the victim’s details to register fraudulent loan applications on fake loan apps linked to UPI or bank accounts, leading to unauthorized deductions and financial loss.
6. Concealing the scam: To avoid suspicion, victims may receive fake transaction confirmations or documents, while the actual financial damage occurs silently.
7. Delayed detection: Victims often learn about the scam months later when unexpected debts or alerts appear, and reversing such fake transactions can be complicated under UPI and banking rules.

Real Warning Signs to Watch For

• Hospital staff or callers asking for Aadhaar scans and OTPs under urgent pretexts.
• WhatsApp messages offering 'fast-track' claim approvals or loan help linked to the hospital.
• Requests to install or download unfamiliar loan apps for treatment cost assistance.
• Promises of instant cash or benefits that seem too good to be true.
• Payment or UPI requests from unknown or unofficial IDs.
• Lack of proper paperwork or official hospital documentation during communication.
• Unsolicited follow-ups asking for repeated access to mobile phones or SIM cards.

What Happens to Victims

Victims can face severe financial and emotional distress. Using stolen Aadhaar data, fraudsters can access bank accounts through UPI-based payments, contributing to unexpected debits or loan repayments from fake apps. Due to the speed and finality of UPI transactions, recovering lost INR can be difficult, causing long-term monetary damage.

Emotional trauma arises as patients realize their personal medical and identity data has been compromised by those they trusted. They may also face bureaucratic hurdles in rectifying fraudulent Ayushman Bharat claims, compounding their stress during already vulnerable health situations.

Moreover, victims may struggle with SIM swap frauds, where mobile numbers linked to Aadhaar get compromised, leading to further breaches in mobile banking and OTP-based authentication.

What RBI and CERT-In Say

The Reserve Bank of India warns users against sharing OTPs and personal banking information with unknown or unofficial contacts, reminding that neither banks nor government schemes request such sensitive data via WhatsApp or calls. RBI’s Customer Protection guidelines emphasize prompt reporting of fraud and highlight the risks of fake loan apps exploiting personal identification.

CERT-In, India’s National Computer Emergency Response Team, along with the Indian Cyber Crime Coordination Centre (I4C), regularly issues advisories on data privacy, ransomware, and insider threat management. They urge hospitals and healthcare institutions to strengthen data access controls and train staff on handling sensitive patient information responsibly.

The national cybercrime helpline at 1930 is recommended for victims to lodge complaints or seek assistance regarding digitally enabled scams, including those misusing government healthcare benefits.

How to Protect Yourself

1. Never share Aadhaar details or OTPs with hospital staff outside official channels.
2. Verify any WhatsApp or call communication by independently contacting the hospital’s official helpdesk.
3. Do not install loan or financial apps recommended via informal messages linked to your treatment.
4. Regularly check your bank and UPI transaction history for unauthorized debits.
5. Register a mobile number with the National Do Not Call Registry and report spam calls immediately.
6. Ask your hospital for official Ayushman Bharat claim status online through government portals only.
7. Update your mobile SIM security by setting up multi-factor authentication and PIN protections.

What to Do If You've Been Targeted

• Immediately block and report the suspicious contact on WhatsApp and mobile networks.
• Contact your bank and UPI provider to freeze or monitor your account for unusual activity.
• File a formal complaint with the cybercrime.gov.in portal or visit the nearest cybercrime police station.
• Call the national cybercrime helpline number 1930 for guidance and assistance.
• Report the incident to the hospital administration and request them to audit access logs and patient data handling.
• If you suspect Aadhaar misuse, contact UIDAI helpline to flag suspicious activity and consider locking your Aadhaar biometrics temporarily.

Frequently Asked Questions

Q: Can hospital staff legally access my Aadhaar and bank details during treatment?
A: Authorized hospital staff involved in processing Ayushman Bharat claims may access limited patient data but should never request OTPs or banking credentials. Sharing financial OTPs or UPI PINs is unsafe and not required for claim processing.

Q: How can I verify if my Ayushman Bharat claim is genuine or fake?
A: Use the official Ayushman Bharat website or call the scheme’s dedicated helpline to check claim status. Avoid clicking links or downloading attachments sent unofficially.

Q: If my mobile number is involved in this scam, what immediate steps can I take?
A: Report to your mobile operator to block and protect your SIM. Enable mobile number protections like SIM locking and two-factor authentication for banking and government services linked to your phone.

Be cautious and verify any suspicious messages or calls related to your medical treatment or government schemes. To check suspicious contacts or messages, visit BharatSecure.app, and if you encounter any fraud, report it promptly to the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.