Health insurance company Star Health Insurance has highlighted that a cyberhacker asked for a ransom of $68,000. This is in connection with the breach of customer data that includes their personal information and medical records.
On September 27, 2024, Telegram had said it had deleted the original two bots sharing this data when they were discovered
Health insurance company Star Health Insurance has highlighted that a cyberhacker asked for a ransom of $68,000. This is in connection with the breach of customer data that includes their personal information and medical records.
Hackers have used the data from the company via chatbots on Telegram as per a Reuters report. Following this, the company also took legal action against Telegram and also the hacker.
Telegram, in a note titled "Is blaming the intermediary the new norm in data breach incidents?" said it is becoming increasingly clear that Star Health may have tried to pass the buck to Telegram and Cloudfare.
On September 27, 2024, Telegram had said it had deleted the original two bots sharing this data when they were discovered, and any newly-created bots attempting to share this data were likely removed as part of a massive sweep of Telegram's searchable content, which resulted in an estimated 90 percent of harmful content there being removed.
Personal data like mobile numbers, addresses, and pre-existing medical conditions of more than 3.1 crore customers of Star Health were allegedly sold by a senior company official, as reported on September 20, 2024.
According to the details shared by the UK-based researcher Jason Parker, a hacker by the name of xenZen had published a website with sample data of Star Health and an email communication with a top official responsible for handling and managing the digital network of the company.
"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, which sold this data to me directly. You can check the authenticity of the data in the Telegram bots below and read about how they sold it in the section below," the hacker's website read.
The hacker had created Telegram bots to access data of 31,216,953 customers updated till July 2024 and 5,758,425 claims of the company available till early August.
The hacker claimed that Star Health's Chief Information Security Officer (CISO) sold all the data and later tried to change the terms of their deal.
Parker, on October 3, 2024, updated that the threat actor has now self-hosted their data leak bots, making it nearly impossible to get it down permanently.
Clarifying the matter, Star Health, in a statement, said that a thorough and rigorous forensic investigation led by independent cybersecurity experts is underway, and the company is working closely with government and regulatory authorities at every stage of this investigation.
"We also timely approached the Madras High Court, which in the attached order has directed all, including certain third parties, to disable access to the relevant information. We are diligently pursuing the implementation of this order," it had said.
The company categorically mentioned that the CISO has been duly cooperating in the investigation and has not arrived at any finding of wrongdoing by him to date.
(With inputs from PTI)