Cybercrime Branch police have arrested two individuals, including a former hospital employee, for allegedly orchestrating a sophisticated financial fraud that resulted in the diversion of ₹9 crore from a private hospital in Noida's Sector 12 over the past two years. The elaborate scheme involved manipulating Municipal Corporation of Delhi health scheme payments meant for employee medical benefits.

The arrested suspects have been identified as Vaibhav Kumar, 42, and Ankur Tyagi, 38, both residents of Indirapuram in Ghaziabad. Authorities indicate that additional arrests may follow as the investigation continues to uncover the full extent of the fraudulent network. The case highlights vulnerabilities in digital payment systems and the importance of robust verification procedures in healthcare financing schemes.

The affected hospital participates in a cashless healthcare program that allows MCD employees to receive medical treatment without upfront payments, with the corporation directly settling bills with enrolled healthcare facilities. This arrangement was specifically designed to provide convenient access to medical services for municipal workers and their families while ensuring prompt payment to healthcare providers.

The fraud came to light on June 22 when Govind Sharma, representing the Sector 12 hospital, filed a complaint with Cybercrime Branch police. Sharma alleged that Vaibhav Kumar, who previously served as a senior recovery manager at the facility, had unauthorized access to change the hospital's registered bank account details with the MCD, resulting in the diversion of ₹74,90,866 to different bank accounts.

The discovery occurred on May 5, 2025, when Sharma attempted to verify a pending payment of ₹74.90 lakh from the MCD. Upon inquiry, municipal officials informed him that the payment had already been processed and transferred. However, when Sharma cross-verified with the hospital's bank, he discovered that no funds had been credited to their legitimate account, prompting further investigation that revealed the fraudulent diversion.

Investigation revealed that the MCD had received what appeared to be an official communication from Kumar requesting a change in the hospital's bank account details. The fraudulent correspondence claimed that the existing account was experiencing technical difficulties and was non-functional, necessitating the update to new banking information. Based on this deceptive communication, the corporation redirected payments to three separate bank accounts controlled by the perpetrators.

Cybercrime Branch SHO Ranjeet Singh confirmed that authorities have registered charges under multiple sections, including criminal breach of trust, cheating, forgery, and tampering with electronic documents under the Bharatiya Nyaya Sanhita and Information Technology Act. Specialized investigation teams have been formed to thoroughly examine the fraud and identify all parties involved in the scheme.

Additional Deputy Commissioner of Cybercrime Branch Manisha Singh provided details about the conspiracy's origins, revealing that Kumar had previously worked at a private hospital in Karkardooma where he established connections with co-conspirators. During his employment there, he met Ankur Tyagi, who served as a partner at another hospital, and an individual identified as Vijay. When Kumar subsequently joined the Sector 12 hospital, his former associates advised him to implement the fraudulent diversion scheme.

The investigation has uncovered that the fraudulent activities extended over approximately three years, with bulk payments cleared by the MCD being systematically misappropriated through the manipulated banking arrangements. The scope of the fraud suggests careful planning and coordination among the perpetrators to exploit weaknesses in the payment verification system.

Recovery efforts have begun, with authorities successfully retrieving ₹77,330 so far, though this represents only a small fraction of the total amount allegedly stolen. ADCP Singh emphasized that comprehensive efforts are underway to recover additional funds and that investigators are examining the involvement of all hospital employees who may have been connected to the transfer and receipt of diverted payments.

The case underscores the need for enhanced security measures in healthcare payment systems and more stringent verification procedures when processing account modification requests. The investigation continues as authorities work to identify the full network of individuals involved in the scheme and recover the remaining stolen funds for the affected hospital.