On October 9, 2024, Star Health and Allied Insurance revealed that it had fallen victim to a significant cyber attack, which potentially compromised the sensitive data of over 3.1 crore customers. The incident has raised serious concerns regarding the safety of personal health information, prompting regulatory scrutiny and legal actions against platforms involved in the data leak.
What Happened?
Star Health confirmed unauthorized access to certain data following a malicious cyber attack. The company stated that while its operations remained unaffected, a comprehensive forensic investigation is underway, led by independent cybersecurity experts. Star Health is collaborating closely with government and regulatory authorities, ensuring that the incident is reported to relevant insurance and cybersecurity bodies while filing a criminal complaint as part of the ongoing investigation.
Headquartered in Chennai, Star Health serves a vast customer base, providing health insurance to more than 17 crore Indians. Its extensive network comprises approximately 14,000 hospitals and 850 offices across the country, offering services that include personal accident coverage and overseas travel insurance.
The Breach Details
Reports indicate that the hackers utilized Telegram chatbots to disseminate sensitive information belonging to Star Health policyholders. The leaked data reportedly included personal details such as phone numbers, addresses, tax information, copies of ID cards, medical test results, and diagnosis reports, impacting over 5.8 million claims. The malicious actors shared samples of this personal data with potential buyers via these chatbots before Telegram eventually removed the bots, labeling them as scams after receiving multiple user reports.
Following the removal of the chatbots, the hackers reportedly launched a website offering the stolen Star Health dataset for sale at approximately $150,000 (around Rs 1.25 crore). They claimed that the leak was “sponsored” by Star Health and that the company’s chief information security officer (CISO), Amarjeet Khanuja, had directly sold them the data. The hackers’ website provided links to the Telegram bots used in the initial leak and invited visitors to verify the authenticity of the data.
Legal and Corporate Response
In response to the data breach, Star Health has initiated legal proceedings against Telegram for hosting the chatbots that facilitated the data sale. The insurer’s complaint also targets Cloudflare, a US-based software company allegedly hosting the hackers’ websites. However, Cloudflare has denied these claims, asserting that it did not host the domains involved in the data breach.
Regarding the allegations against its CISO, Star Health has stated that he is cooperating fully with the investigation and that there have been no findings of wrongdoing against him thus far. The company urged that his privacy be respected amid the chaos, as the hackers seemed intent on causing panic within the organization and among its customers.
Impact on Star Health
The data breach has had immediate financial repercussions for Star Health, with the company’s shares dropping by 2.5% in morning trading following the news, reflecting investor concerns over the incident and its implications for customer trust and corporate reputation.
Precautions for Affected Customers
For customers who may have been affected by the data breach, Star Health has recommended several precautionary measures:
- Monitor Financial Accounts: Regularly check bank and credit card statements for unauthorized transactions.
- Change Passwords: Update passwords for online accounts, especially those linked to health information and financial data.
- Be Wary of Phishing Attempts: Remain vigilant against emails or messages requesting personal information, as hackers may attempt to exploit the situation further.
- Use Identity Protection Services: Consider enrolling in identity theft protection services that offer monitoring and alerts for suspicious activity.
The Star Health Insurance data breach is a stark reminder of the vulnerabilities that organizations face in today’s digital landscape. As investigations continue and legal actions unfold, the insurance provider must work diligently to restore customer confidence while implementing enhanced security measures to prevent future incidents. Customers and stakeholders alike are advised to stay informed and take necessary precautions in light of this serious data breach.