How A Female Employee and Her Accomplice Cracked eCitizen and Siphoned Sh10 Million From Moi Teaching and Referral Hospital

She walked the corridors of Moi Teaching and Referral Hospital (MTRH) in Eldoret like any other dedicated staff member. She processed patient bills, navigated the government’s eCitizen system with ease, and, if anything, appeared to be a model of efficiency.

Nobody suspected that Jane Wangari Wachira had turned this efficiency into an art form of criminal ingenuity that would, over the span of more than thirteen months, drain Sh10 million from one of Kenya’s most critical public health institutions.

Today, she sits in police custody at Naiberi Police Station, alongside her external accomplice, Khamisi Hussein Akida, as investigators piece together what detectives are already calling one of the most brazen inside jobs in the history of Kenya’s public healthcare system.

The court has granted police ten days to hold the pair, with the next hearing set for February 26.

When they eventually face a judge, the charges are expected to include conspiracy to defraud and violations of the Computer Misuse and Cybercrimes Act.

The Anatomy of the Scheme

The scheme was elegant in its simplicity and devastating in its scale. According to the Eldoret lead investigating officer, Edwin Chirchir, Wachira and Akida targeted unsuspecting patients arriving at MTRH to pay their hospital bills between January 1, 2025, and February 9, 2026. Rather than directing patients to pay into the hospital’s official government paybill, 222222, the duo diverted them.

Patients were instructed to pay via cash or through Akida’s personal M-Pesa account numbers. Some were told this was a convenience. Others simply trusted that a hospital employee knew what she was doing.

Once a patient handed over their money, Wachira moved to the next, equally crucial step.

Using her insider access to the eCitizen platform, she logged into the system and cleared the patient’s bill as though full payment had been received and deposited. Official receipts were generated.

Patients were given the clearance paperwork they needed to be discharged. To any administrator reviewing the records, everything appeared in order. What nobody saw was that not a single shilling of those payments had entered MTRH’s accounts.

“The suspect accessed the eCitizen platform to purportedly ‘clear’ the patients’ bills without depositing a single cent into the hospital’s account,” Chirchir told the Eldoret Chief Magistrate, Peter Ndwiga, during a miscellaneous application hearing.

The scam unravelled not because of a whistleblower or a suspicious patient, but through the painstaking work of MTRH’s internal audit team. On February 5, 2026, auditors flagging discrepancies in the hospital’s accounts stumbled upon the financial void. Thirteen days later, two people were in police cells and detectives were reconstructing over a year of financial subterfuge.

A Platform Already Under Fire

The MTRH fraud does not exist in isolation. It arrives against a backdrop of mounting and deeply disturbing revelations about the eCitizen platform itself.

A sweeping audit by Auditor-General Nancy Gathungu, covering the financial year ending June 30, 2024, found that approximately Sh44.8 billion in eCitizen collections could not be accounted for.

Discrepancies emerged between what the eCitizen portal showed, what revenue statements reflected, and what ultimately appeared in government ledgers.

More alarming still, the Auditor-General found that the government does not fully control its own platform. eCitizen, which now processes thousands of government services across more than 220 agencies, was originally developed by a private consortium and handed to the National Treasury in 2017.

Yet by 2023, a second handover agreement had inexplicably returned effective control back to the vendor, Webmasters Kenya Ltd, leaving the state in the unusual and dangerous position of being dependent on a private company to run its primary digital revenue collection system.

Moi Teaching and Referral Hospital in Eldoret City.

The audit also flagged that four transactions in January 2024 totalling Sh127.85 million were transferred from the official government paybill 222222 directly to private entities, with no documentation, approval trail, or justification.

A separate Pesaflow Equity Bank account not among Treasury’s approved collection accounts had processed funds whose full scope remains unverified. The National Treasury even failed to provide documents that would have allowed the Auditor-General to assess the eCitizen system’s IT security controls.

It is within this environment of systemic opacity and fractured oversight that Wachira allegedly found her opening. The MTRH case reveals something chilling: one does not need access to billions to exploit eCitizen’s vulnerabilities. All that may be needed is an employee badge, a position of trust, and the knowledge of which buttons to press.

A Larger Syndicate? Investigators Think So

Detectives are not convinced that Wachira and Akida operated alone. Officer Chirchir was explicit before the magistrate: senior officers in MTRH’s Finance and ICT departments are currently under investigation, with investigators probing whether they provided what he described as a “technical backdoor” that allowed the eCitizen system to be manipulated.

The suggestion is as troubling as it is logical. Manipulating a government payment platform to clear bills without corresponding deposits would, in a properly secured system, require either extraordinary technical access or deliberate configuration of weaknesses.

“We suspect that this is part of a larger network, and we will pursue all leads,” Chirchir told the court, a statement that will send tremors through MTRH’s corridors as staff members with access to financial and digital systems await the next knock on the door.

The Communications Authority of Kenya (CA) has been listed as a third respondent in the case, tasked with assisting in tracing the digital trail. Investigators are combing through CCTV footage, mobile phone records, and M-Pesa and bank statements in an effort to map the full financial network. Key witnesses are yet to record statements.

Stripped of the procedural language of court hearings and audit reports, this is a story about patients who came to a government hospital for help and were betrayed by the very hands extended to assist them. Men and women who may have scraped together hard-earned money for medical fees walked away clutching receipts that were, in essence, counterfeit.

The hospital, one of Kenya’s largest and most relied-upon national referral facilities, served thousands during the period the fraud was ongoing, none the wiser that its accounts were haemorrhaging millions.

MTRH, a 900-bed institution in Eldoret serving as a referral centre for the entire Rift Valley region and beyond, operates under constant resource pressure. The loss of Sh10 million to fraud at a hospital where new mothers have previously been detained for failing to pay SHA fees is not merely a financial crime. It is an institutional wound.

A Wake-Up Call That Must Not Be Ignored

“This is a wake-up call for hospitals and government agencies that rely heavily on digital payments. Without proper checks, insider fraud can occur even in major institutions,” Chirchir warned. His words land on a government that has staked enormous political capital on eCitizen as the centrepiece of a digital governance revolution.

President William Ruto’s “Gava Mkononi” vision, which saw eCitizen’s revenue surge by 300 percent in the months following its expansion, is now confronted with a question as uncomfortable as it is unavoidable: what good is a platform that citizens are made to trust if those on the inside can hollow it out at will?

Experts who have studied the eCitizen ecosystem point to a pattern that predates this case.

Research by governance analysts has documented how the platform, despite its streamlined interface, operates in an environment where internal sabotage has repeatedly been used to create dependency on corrupt workarounds. One analysis noted bluntly that the platform “exhibits multiple loopholes, including untraceable transactions, allowing individuals to exploit vulnerabilities.”

For now, Wachira and Akida are in custody. The auditors are counting. The investigators are watching CCTV. And somewhere in the sprawling digital architecture of the eCitizen system, the question lingers with uncomfortable persistence: how many others?

CONTEXT: The eCitizen Numbers

Sh44.8 billion in eCitizen collections were found unaccounted for in the Auditor-General’s 2024 report. Four transactions totalling Sh127.85 million were transferred to private entities from the government’s own paybill 222222 with no documentation. Sh7.05 billion sits in limbo in eCitizen collection and settlement accounts as of June 2024. The MTRH fraud represents Sh10 million of what investigators fear may be a far wider pattern of exploitation.