Indian company Star Health confirms a data breach after cybercriminals posted customer health data online

Star Health and Allied Insurance, considered one of India’s largest health insurance firms, has confirmed that it has been the goal of a “malicious cyberattack” some two weeks after cybercriminals claimed to have uploaded customers’ medical records and other sensitive data online.

The Chennai-based insurance giant told TechCrunch in a statement on Wednesday that the cyberattack resulted in “unauthorized and illegal access to certain data,” even though it said it had no impact on its operations or service delivery.

“A thorough and rigorous forensic investigation is ongoing, led by independent cybersecurity experts, and we are working closely with the government and regulators at every stage of this investigation, including by properly reporting the incident to insurance and cybersecurity regulators, in addition to filing a criminal complaint ” – the company said in its statement.

When asked by TechCrunch, Star Health didn’t respond whether the data breach included customer data.

Last month, a group of hackers created chatbots on Telegram that allegedly exposed personal information belonging to 31 million Star Health policyholders and greater than 5.8 million insurance claims. The data included names, telephone numbers and residential addresses, in addition to medical certificates and insurance claims of people. The hackers also provided copies of shoppers’ ID cards and individual tax details.

Star Health told TechCrunch on the time that the company was “investigating” the alleged theft.

Soon after the hacker’s Telegram bots got here to light, Star Health filed a legal grievance within the Madras High Court against Telegram for hosting chatbots. The insurer also named Cloudflare in its lawsuit for its role in hosting the hacker group’s web sites on its service.

India’s CERT-In previously told TechCrunch that it’s “already in the process of taking appropriate action with the concerned authority.”

Details of the breach and the way hackers obtained potentially thousands and thousands of customer records remain unclear.

The hacker’s website, used to publicize Telegram bots sharing allegedly stolen people’s data, incorporates a video purporting to indicate screenshots and conversations between Star Health CISO Amarjeet Khanuja and a group of hackers. TechCrunch doesn’t link to the positioning since it incorporates personal information.

The company’s CISO’s role within the cyberattack, if any, shouldn’t be yet known.

“We would also wish to categorically mention that our CISO duly cooperated within the investigation and up to now we’ve not come to any conclusions about his irregularities. We ask you to respect his privacy as we all know the threat actor is attempting to cause panic,” the insurer said on Wednesday.

TechCrunch asked detailed questions, including: whether the insurer can confirm who accessed the data, whether it was an insider or a malicious intruder, and whether it knows and may confirm what has already been accessed or taken. The insurer didn’t need to say.

Star Health, which provides health, accident, foreign and travel insurance, has a network of over 14,000 hospitals and over 850 branches across India. Star Health says on its website that it has provided health insurance to 170 million people.