Star Health Insurance under cyberattack, says operations unaffected even after data leak

Star Health and Allied Insurance Co. Ltd., on Wednesday, October 9, said that the company had been a victim of a targeted malicious cyberattack which resulted in unauthorized and illegal access to certain data, according to the official statement.

“We acknowledge that we were the victim of a targeted malicious cyberattack, resulting in unauthorized and illegal access to certain data. We make it absolutely clear that our operations remain unaffected, and all services continue without disruption,” said the company in the statement.

Star Health and Allied Insurance Co. Ltd. shares closed 1.25 per cent higher at ₹577.65 after Wednesday's trading session, compared to ₹570.50 at the previous market close.

Star Health said that an investigation led by independent cybersecurity experts is underway as the company is working with the government and regulatory authorities for the investigation.

“A thorough and rigorous forensic investigation, led by independent cybersecurity experts is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities apart from filing a criminal complaint,” they said in their statement.

The company also approached the Madras High Court, which, in its order, has directed all, including certain third parties, to disable access to the relevant information, according to the statement.

“We are diligently pursuing the implementation of this order,” said Star Health.

The company's Chief Information Security Officer (CISO) Amarjeet Khanuja has been cooperating in the investigation, and the company has not arrived at any findings of wrongdoing by him to date, said the health insurer in its statement.

The company emphasized that the unauthorised acquisition, possession, or dissemination of customer data is illegal and urged all platforms, hosting companies, social media channels and users to take swift and decisive action to halt such activities and comply with the orders of the High Court, according to the statement.

Prior Data Leak

On September 20, the news agency Reuters reported that Star Health Insurance's customer data, which includes medical reports, is publicly accessible via chatbots on Telegram just weeks after the Telegram Founder was accused of allowing the messenger app to facilitate crime.

The company said in an initial statement that “no widespread compromise” happened and that “sensitive customer data remains secure,” according to the report.