Star Health and Allied Insurance has recently faced a significant data breach, following a severe hacking incident that compromised the sensitive personal information of approximately 31 million customers. A hacker operating under the pseudonym “xenZen” created a website and utilized Telegram chatbots to expose private data, which included names, phone numbers, email addresses, as well as financial and health information, raising serious concerns regarding the company’s cybersecurity measures.
The hacker alleged that Amarjeet Khanuja, the Chief Information Security Officer (CISO) of Star Health, had sold the customer data to him. The leak reportedly occurred when Khanuja demanded a larger payment than what had previously been agreed upon. However, the company has stated that Khanuja has been cooperating with the ongoing investigation, and no evidence of wrongdoing has been found at this stage.
Much of this investigation is being conducted with the assistance of external cybersecurity experts, as Star Health confirmed its commitment to transparency and responsibility in addressing the incident. They noted that data encompassing an alarming 7.24 terabytes had been compromised, prompting the company to engage with governmental and regulatory bodies while filing relevant criminal complaints.
CloudSEK, a data security firm based in Bengaluru, has raised questions about the authenticity of the hacker’s claims regarding the involvement of Star Health executives. They noted discrepancies in the evidence presented by the threat actor and suggested that the screenshots could have been altered with a browser tool such as “inspect element” to deceive observers. Despite this, CloudSEK acknowledged that the data in question appears to genuinely originate from Star Health Insurance.
This incident has initiated a broader discourse surrounding Star Health’s data protection protocols, prompting existing policyholders to reevaluate their positions. The company has taken swift measures including legal action, with directives from the Madras High Court aimed at restricting access to the leaked information and reinforcing the illegal nature of any unauthorized data acquisition or dissemination.
Current policyholders are advised to exercise vigilance concerning communication they receive, being mindful of potential fraudulent activities stemming from the breach. Experts recommend immediate password changes across critical accounts, especially for online banking and health-related applications, and the implementation of two-factor authentication for enhanced security.
Furthermore, the question of whether policyholders should switch to alternative insurance providers has emerged, particularly in light of concerning reports about claim denials and an increasingly difficult claims settlement process. The complexities of changing insurers when pre-existing conditions are involved have led to a cautious approach, as many weigh the risks and benefits of potential transitions.
Amid these developments, regulatory bodies like the Insurance Regulatory and Development Authority of India (IRDAI) have yet to respond to the situation adequately. As the marketplace grapples with this breach, the call for stricter standards in data protection measures and clearer guidelines for breach disclosures under the Digital Personal Data Protection Act is becoming increasingly urgent.
In terms of the tactics used in this cyber attack, the incident underscores the relevance of several MITRE ATT&CK techniques. Initial access may have been gained through phishing or exploitation of vulnerabilities, followed by persistence mechanisms to maintain access. The subsequent exfiltration of data highlights the need for stronger detection and response capabilities within organizations to guard against similar breaches. As the investigation progresses, Star Health’s response and remediation efforts will be crucial in restoring not only its operational integrity but also customer trust in its brand.