India’s Star Health confirms data breach after hackers send customers’ health data online

Star Health and Allied Insurance, one of India’s largest health insurers, has confirmed it was the target of a “malicious cyber attack,” nearly two weeks after hackers said they sent customers’ health records and other sensitive information online.

The Chennai-headquartered insurance giant told TechCrunch in a statement on Wednesday that the cyberattack resulted in “unauthorized and illegal access to certain data,” though it said its operations were not disrupted and services continued.

“A thorough and rigorous investigation, led by independent cybersecurity experts, is ongoing, and we are working closely with government and regulatory authorities at all stages of this investigation, including properly reporting the incident to insurance and cybersecurity regulatory authorities without filing a criminal complaint,” the company said in its statement. .

When asked by TechCrunch, Star Health would not say whether the data breach included customer data.

Last month, a group of hackers created chatbots on Telegram that leaked personal data allegedly belonging to 31 million Star Health policyholders and more than 5.8 million insurance claims. The data included full names, phone numbers, and home addresses, as well as medical reports and insurance claims for individuals. Hackers also share copies of individual credit card and tax information.

Star Health told TechCrunch at the time that the company was “investigating” the alleged theft.

Soon after Telegram’s hacker bots came to light, Star Health filed a legal complaint in the Madras High Court against Telegram for hosting chatbots. The insurer also named Cloudflare in its lawsuit for its role in hosting hacker group websites for its work.

India’s CERT-In told TechCrunch earlier that “appropriate action has already been taken with the concerned authority.”

The details of the breach, and whether hackers obtained millions of customer data, remain unclear.

The hacker’s website, which is used to advertise Telegram bots to share allegedly stolen personal data, includes a video that allegedly shows screenshots and conversations between Star Health CISO Amarjeet Khanuja and a group of hackers. TechCrunch does not link to the site as it contains personally identifiable information.

The role of the company’s CISO in the cyberattack, if any, is currently unknown.

“We also want to state clearly that our CISO has cooperated properly in the investigation, and to date there has been no finding of wrongdoing. We ask that his privacy be respected as we know that the scary actor is trying to create panic,” the insurance company said on Wednesday.

TechCrunch asked some questions, including whether the insurer can confirm who accessed the data, whether it was an insider or a malicious hacker, and if it knows and can confirm what was accessed or taken. Insurance wouldn’t say.

Star Health, which provides health, personal accident, and overseas and travel insurance, has a network of over 14,000 hospitals and over 850 branch offices across India. Star Health says on its website that it has provided health insurance to 170 million people.