Star Health & Allied Insurance, one of India's largest health insurers, is investigating a cybersecurity incident that allegedly leaked sensitive data about customers, including medical records.
The Chennai-headquartered insurance major told TechCrunch that a “forensic investigation” is underway after data allegedly stolen from the company was shared online.
A hacker group recently created a chatbot on Telegram to leak purported personal data of Star Health policyholders, including names, phone numbers, home addresses, medical reports, and insurance claims, as well as copies of identity documents and personal tax details.
Reuters was first to report that the Telegram chatbot had leaked customer data from Star Health, which said it has provided insurance to 170 million people.
The hacker group created a data-sharing website that included a link to the Telegram bot. TechCrunch has reviewed the site but is not linking to it as it appears to contain personal information. The site also contained screenshots and a video that appears to show a conversation between Star Health CISO Amarjeet Khanuja and the hacker group.
Star Health declined to comment when contacted by TechCrunch with several questions about the incident.
“Given the circumstances, it is premature for a publicly traded company to issue a statement without completing a thorough investigation,” Star Health spokeswoman Diana Monteiro said in an email.
Star Health announced on Thursday, in a public notice published in the Chennai edition of The Hindu newspaper and seen by TechCrunch, that it was suing Telegram for hosting the chatbot. The insurer also named Cloudflare in its lawsuit for hosting the hacker group's website on its service.
As a result, the court issued a preliminary injunction restraining Telegram and Cloudflare from using their platforms to share Star Health's brand in any way.
TechCrunch has confirmed that the hacker group's website was not accessible from certain internet providers in India, but was accessible from others at the time of writing. After the website was blocked, it continued to redirect to a web address hosted on a Cloudflare domain.
The insurer has a network of over 14,000 hospitals and 850+ branches across India and has processed claims worth over $3.6 billion to date. It offers medical, personal accident and international travel insurance.
Telegram, Cloudflare and India's CERT-In did not respond to requests for comment.