A brazen digital heist at the Moi Teaching and Referral Hospital (MTRH) has exposed the soft underbelly of government digitization, after a staff member allegedly siphoned KES 10 million by manipulating the eCitizen platform.

The promise of the eCitizen platform was to seal loopholes and stop revenue leakage. Yet, in a sophisticated inside job, MTRH employee Jane Wangari Wachira and her accomplice, Khamisi Hussein Akida, allegedly turned the system into their personal piggy bank. Detectives in Eldoret have uncovered a scheme where the duo bypassed the official Paybill 222222, diverting patient payments into personal M-Pesa accounts while marking the bills as "cleared" in the hospital system.

"It was a bold inside job," stated Investigating Officer Edwin Chirchir. "They exploited the trust of patients who believed they were paying the hospital, unaware their money was funding an individual's lifestyle."

The Modus Operandi

The fraud, which ran between January 2025 and February 2026, was deceptively simple. Patients at the billing desk were instructed to pay cash or send money to a specific "agent" number due to "system delays." Once the money was received by Akida externally, Wachira would use her credentials to manually clear the patient's bill in the hospital's database. The scheme went undetected for over a year until an internal audit flagged the discrepancy between the patients treated and the revenue recorded.

A Wake-Up Call for Digital Health

This scandal is a major embarrassment for the government's digital transformation agenda. MTRH is a flagship institution, and for its systems to be compromised so easily raises alarming questions about the security of the billions of shillings processed via eCitizen daily. It highlights the "human element" in cyber security—no firewall can stop a rogue employee with admin rights.

• Suspects: Jane Wangari Wachira (Staff) & Khamisi Hussein Akida.
• Amount Lost: KES 10 Million.
• Method: Diverting payments to personal lines; manual clearance of bills.

As the suspects face charges, the hospital administration is scrambling to plug the holes. But for the taxpayers, the question remains: is our money safe in the digital basket?