The dangers of telehealth: data breaches, phishing, and spam — How to Identify & Stay Safe

Severity: MEDIUM | View Full Scam Details

The Dangers of Telehealth in India 2026: Data Breaches, Phishing, and Spam Scams Explored

Telehealth scams are on the rise in India, putting your personal health data and money at risk through fake websites, phishing, and relentless spam.

What Is the Dangers of Telehealth: Data Breaches, Phishing, and Spam?

Telehealth, or virtual healthcare services, have become a lifeline for many Indians, especially after the COVID-19 pandemic made hospital visits difficult. With just a smartphone or computer, patients can consult doctors from any corner of the country. This convenience has led to a booming telehealth market in India, with millions turning to apps and websites for medical advice.

However, this shift also attracted cybercriminals looking to exploit users' trust. Scammers create fake telehealth platforms that look almost identical to real ones, often advertised aggressively on WhatsApp, Instagram, or other social media channels. They promise free consultations, cheap medicines, or discounts to lure patients. The scam mainly targets vulnerable groups—especially the elderly or those seeking urgent medical advice. The scam is now widespread enough for cybersecurity agencies like CERT-In and the Indian Cyber Crime Coordination Centre (I4C) to issue advisories warning users about such threats.

In many cases, attackers steal sensitive health information or payment details, leading to data breaches that risk your privacy and financial security. With health data becoming a part of Aadhaar and insurance profiles, these scams pose serious risks beyond just money loss.

How This Scam Works — Step by Step

1. Initial Contact via Social Media or SMS: You receive a WhatsApp message or ad offering free online health consultations from a trusted doctor or clinic name.
2. Fake Telehealth Website/App Link: The message includes a link to a website or app that looks legitimate but is a fake portal controlled by scammers.
3. Patient Registration: You enter personal details like name, phone number, Aadhaar, and health history to book your consultation.
4. Phishing for Payment Details: When it's time for payment—often for “registration fees” or medicine delivery—the portal asks for UPI ID, credit/debit card info, or net banking credentials.
5. Unauthorized Transactions: Once payment data is entered, fraudsters initiate UPI or card transactions, draining your accounts. Sometimes they request OTPs (one-time passwords), which you may share unknowingly.
6. Spam and Data Misuse: After capturing your data, you start receiving spam calls and messages promoting unrelated products or fake health schemes. Your data may be sold on the dark web or misused for identity fraud and SIM swaps.

Real Warning Signs to Watch For

• Poorly designed websites or apps with spelling mistakes and incorrect logos.
• Requests for upfront payments before any consultation.
• Demands for sensitive info like Aadhaar, bank PIN, or OTP over calls or chats.
• Unsolicited WhatsApp messages or social media ads claiming free health services.
• Urgency or pressure to share personal or financial details.
• No verifiable contact information or physical address for the telehealth provider.
• Excessive spam calls/messages after initial contact.

What Happens to Victims

Victims often lose money instantly through fraudulent UPI transfers or fake payments linked to their debit/credit cards. Unlike some banking frauds, unauthorized UPI payments are hard to reverse without police cases due to RBI guidelines. The misuse of Aadhaar or health records can cause long-term privacy breaches, making victims vulnerable to fake loans or insurance frauds. Emotional distress adds up as victims cope with health worries alongside financial loss and identity theft, with many hesitant to report due to stigma or mistrust of authorities.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has emphasized vigilance while sharing financial information online and advises against sharing OTPs or PINs with anyone. The Indian Computer Emergency Response Team (CERT-In) regularly issues warnings about phishing attacks and data breaches through telehealth portals. The Indian Cyber Crime Coordination Centre (I4C) also recommends verifying the authenticity of digital health platforms and encourages reporting suspicious activity immediately. For cybercrime complaints, you can call the 1930 cybercrime helpline or visit cybercrime.gov.in.

How to Protect Yourself

1. Always verify telehealth services through government or well-known hospital websites.
2. Never click on unsolicited links from WhatsApp or social media regarding health offers.
3. Do not share OTPs, Aadhaar numbers, bank PINs, or passwords with anyone.
4. Use UPI apps with transaction alerts and limit payment permissions.
5. Check for official certifications or licenses on telehealth platforms.
6. Avoid making payments before verifying the authenticity of the doctor or clinic.
7. Regularly update your phone’s security software and enable two-factor authentication on financial apps.

What to Do If You’ve Been Targeted

• Immediately block and report the fraudulent contact on WhatsApp or social media.
• Contact your bank or UPI provider to freeze your account or block cards.
• File a complaint on cybercrime.gov.in with all details—screenshots, messages, transaction info.
• Call the 1930 cybercrime helpline for assistance and complaint registration.
• Report Aadhaar misuse by contacting UIDAI and request a lock or verification.
• Change all related passwords and alert family members or caregivers.
• Monitor bank accounts and credit reports regularly for suspicious activity.

Frequently Asked Questions

Q: Can I get my money back if I paid through UPI in a telehealth scam?
A: UPI payments are like instant transfers and usually cannot be reversed by banks unless proven as a system error or fraud with a police complaint. That’s why prompt reporting to cybercrime authorities is critical.

Q: How can I check if a telehealth website is genuine?
A: Look for official certificates, registered business details, verifiable doctor credentials, and reviews on trusted portals. Avoid sites that seem rushed, have spelling mistakes, or offer deals too good to be true.

Q: Is my Aadhaar linked health data at risk from these scams?
A: Yes, scammers may misuse your Aadhaar-linked data for identity theft or fake health insurance claims. Always protect your Aadhaar number and use biometric locks where possible.

Telehealth is a powerful tool for accessible healthcare, but cybercriminals exploit trust and urgency. Always verify before you click or pay. If you ever feel unsure about a message or call related to telehealth, verify it now at BharatSecure.app — your first step in stopping scams before they start.