A shocking case raising serious questions about the digital registration and document verification process of private medical facilities has come to light in Lucknow. A registered Ayurvedic practitioner from Bahraich has alleged that his Bachelor of Ayurvedic Medicine and Surgery (BAMS) degree and professional registration credentials were used to secure licenses for 10 different private hospitals in the state capital without his knowledge or consent.
The widespread irregularity was discovered during a routine validation exercise on Uttar Pradesh’s single-window Janhit Portal. Although a formal complaint supported by a sworn legal affidavit has been submitted to the Chief Medical Officer (CMO) of Lucknow, the critical matter has reportedly seen little regulatory progress despite the severity of the institutional security breach.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
The Janhit Portal Telemetry Discovery
According to the complaint, Dr. Virendra Kumar, a BAMS practitioner native to Bahraich with registration number 43181, became aware of the credential theft while visiting the Bahraich CMO office on June 1 for unrelated official paperwork. While an operator was running an online verification check on documents tied to regional nursing home setups, the database system flagged that Kumar’s personal education transcripts and medical council registration codes were concurrently active across 10 separate hospital properties operating inside Lucknow.
The revelation came as an absolute shock to the practitioner, who maintains that he has never practiced in the Lucknow district, has never interviewed at any of the named facilities, and has never authorized the physical or digital duplication of his transcripts for compliance purposes. He alleges that his credentials may have been illegally traded or copied to represent unqualified individuals as certified clinicians, or to fulfill mandatory minimum personnel criteria during the commercial onboarding of these private units.
The credentials exploitation pipeline followed a multi-stage data manipulation loop. The sequence initiated with data skimming, where original medical registration certificates were compromised or copied without the practitioner’s knowledge. This transitioned directly into bulk system application, with distinct hospital management nodes uploading the identical registration number to bypass technical staffing requirements on the digital Janhit Portal. The cycle concluded with regulatory oversight failure, as automated portals allowed multiple simultaneous active licenses on a single registration ID across the state.
Shifting Regulatory Rules and Loopholes
Following the database discovery, Dr. Kumar submitted a comprehensive written complaint along with a sworn affidavit to the Lucknow CMO, demanding a high-level forensic inquiry and immediate criminal prosecution of the hospital owners. However, according to the complainant, no significant enforcement actions or physical inspections have been visible on the ground.
The case has drawn sharp criticism from health advocates because it highlights clear vulnerabilities in the digital verification infrastructures engineered to regulate private medical infrastructure. Over the past several cycles, the health department has increasingly relied on automated single-window portals to process fresh licenses and annual renewals. If a single physician’s identity can be successfully anchored to 10 separate institutions without triggering system blocks, it reveals deep systemic gaps in live document authentication.
Inquiry Ordered and Quorum Validations
The incident stands out further because it clashes directly with recent statutory policy updates. While qualifications from Ayurveda, Yoga, Unani, Siddha, and Homeopathy (AYUSH) streams were historically accepted for certain basic clinical registration categories, Uttar Pradesh updated its regulatory guidelines, making a valid Bachelor of Medicine, Bachelor of Surgery (MBBS) degree mandatory for establishing standard modern private hospital registrations.
Addressing the anomaly, Dr. A.P. Singh, the regional nodal officer for private nursing homes, clarified that a BAMS qualification is fundamentally invalid for registering standard multi-specialty hospitals under the revised state provisions. He noted that it remains highly probable that the private entities uploaded the doctor’s details into obsolete database fields to substitute for missing medical practitioners.
An internal inquiry committee has been set up to review the digital audit trails of the 10 establishments, and regional health teams are auditing live staff rolls to ensure public safety and verify that clinical operations are managed exclusively by qualified medical personnel.
