CyberSecurity SEE

Allegations of Insider Threat Surface

In the aftermath of the data breach at Star Health and Allied Insurance Company, the emergence of an insider threat has raised concerns about the security practices within the organization. The incident initially came to light when an employee allegedly offered illegal API access to the company’s customer medical records for a sum of $43,000. Subsequently, the employee escalated the demand to $150,000, citing the involvement of “senior management” who purportedly wanted a share of the illicit proceeds. However, instead of complying with the demands, the potential buyer chose to bring the matter to light by blowing the whistle on the attempted crime.

The repercussions of this insider deal escalated significantly in September 2024 when a cyberattack, reportedly orchestrated by a threat actor using the alias “xenZen,” targeted Star Health. Through self-hosted data leak bots on the messaging app Telegram, the hacker announced a massive breach of Star Health’s customer data. The claim made on the platform insinuated that the leaked data was acquired through a transaction with Star Health, implying complicity on the part of the company.

According to xenZen, the extent of the data breach is staggering, with a total of 7.24 terabytes of information compromised, affecting over 31 million customers. The leaked data includes a wide range of personal and medical records, insurance claims, and sensitive identifiers such as Aadhaar and PAN card photos, detailed medical reports, and more. The sheer volume and sensitivity of the compromised information underscore the severity of the breach and raise questions about the adequacy of Star Health’s data security measures.

Following the revelation of the breach, Star Health faced immediate repercussions in the financial markets, with its shares plummeting by 1.7%. The company issued a statement portraying itself as a victim of a targeted cyberattack and initiated a forensic investigation led by independent cybersecurity experts to ascertain the full extent of the breach and identify the responsible parties. Allegations implicating Star Health’s Chief Information Security Officer (CISO) in the data leak further complicated the situation, although the company maintains that no evidence of misconduct has been substantiated against the CISO.

To address the implications of the breach and mitigate future risks, Star Health has pledged transparency and collaboration with government and regulatory authorities throughout the investigation process. Additionally, the Madras High Court has intervened by directing relevant parties to disable access to the leaked information, emphasizing the urgency of remedial actions to safeguard customer privacy.

In conclusion, the Star Health cyberattack serves as a stark reminder of the vulnerabilities inherent in digital platforms like Telegram that can be exploited by malicious actors for illicit activities. The incident underscores the challenges of regulating online communication tools and the critical importance of robust cybersecurity measures to protect sensitive personal and medical data from unauthorized access and exploitation.
