Star Health and Allied Insurance Co. Ltd. announced on Saturday, October 12, that the company had received an asking ransom demand of $68,000 to provide access to the leaked confidential customer data and medical records, according to the company's BSE filing.
“The incident involved a series of emails received by Star Health senior executives, in which the Threat Actor claimed unauthorized and illegal access to the customer confidential data and demanded a ransom amount of USD 68,000,” said the company in the exchange filing.
Star Health and Allied Insurance shares closed 3.41 per cent lower at ₹547.85 after Friday's trading session, compared to ₹567.20 at the previous market close. The company released the information related to the ransom amount on Saturday afternoon.
Mint reported earlier about the company accepting, for the first time since media reports on its data leak on Telegram surfaced. Star Health said that they were the victim of a cyberattack and that its operations remained unaffected even though the data leaked on October 9, as per an exchange filing.
The company further clarified about a ransom amount, which was asked in exchange for access to the leaked confidential customer data and medical records. This clarification came at BSE's request for further details on a Reuters report.
“The Exchange has sought clarification from Star Health and Allied Insurance Company Ltd on October 11, 2024, with reference to news appeared in Resuters dated October 11, 2024 quoting 'India''s Star Health probes alleged role of security chief in data leak',” said the company on Friday.
The company also said that it has constituted a Risk Management Committee, which handles the cyber security function, according to the statement.
“We wish to highlight that our investigations are ongoing, and we have engaged competent independent third parties to undertake the exercise. We have not arrived at any finding of wrongdoing by our Chief Information Security Officer (CISO) till date,” said the company in the statement.
Star Health accepted on October 9 that it was the victim of a cyberattack that led to a leak of confidential customer data and medical records.
“We acknowledge that we were the victim of a targeted malicious cyberattack, resulting in unauthorized and illegal access to certain data. We make it absolutely clear that our operations remain unaffected, and all services continue without disruption,” said Star Health.
The company said that an investigation led by independent cybersecurity experts is underway as the company is working with the government and regulatory authorities for the investigation.