Ayushman Bharat, the government run health insurance programme, on Saturday confirmed that there had been an attempted security breach. “There have been attempts to get illegal access to large medical data including sensitive personal information,’’ said Dr. Indu Bhushan, CEO Ayushman Bharat – Pradhan Mantri Jan Arogya Yojana.
Alerted about the intrusion 48 hours ago, the National Health Authority — which administers the programme — has now written to all State Governments alerting them about the threat and warning that no sensitive data be shared.
Describing the nature of the attempted breach, Dr. Bhushan said contact had been made with Ayushman Bharat employees urging them to leak sensitive information on the available health profiles of those covered by the scheme.
With more than 3 crore e-cards issued countrywide to individuals covered under the scheme and over 21 lakh hospital admissions, worth ₹2,820 crore, having been approved, the scheme is one of the world’s largest state-run health insurance programmes, according to the government. Health data is extremely sensitive and of great value to commercial and pharmaceutical companies.
“We have this data enveloped in multiple layers of security which is tough to penetrate,” explained Dr. Bhushan. “We also have a stringent access system for those within Ayushman Bharat and we were alerted, almost immediately, when the breach was attempted,’’ he said.
The authority is now also seeking assistance from the public to help ensure that the programme stays cybersecure and that patient data and records are not compromised in any manner.
“We are making a public appeal to please report such cases to @AyushmanNHA at the earliest for proper investigation and actions to mitigate any potential risk,’’ Dr. Bhushan said.
Ayushman Bharat has also had to combat multiple attempts to defraud individuals and companies “using our programmes as a disguise,” said an official, who spoke on condition of anonymity. “People have been offered jobs and some have even been duped saying that we charge for registration. All of this is illegal,’’ the official added.
The official said that an FIR had been registered in Delhi on Friday after some persons came to the city headquarters to deposit ₹10,000 as training fee for a job that was being offered on the programme’s behalf. “All the documents given to them were fake. Three weeks ago we busted a centre that was being run on the outskirts of the capital where people were being charged to get their names registered for accessing healthcare under our programme,’’ he added.