An insider threat has emerged from the data breach at Star Health and Allied Insurance Company. An employee reportedly offered direct illegal API access to the company’s full customer medical records for $43,000. When the buyer hesitated, the employee escalated the demand to $150,000, claiming that “senior management” wanted a cut. This poorly executed attempt at white-collar crime ultimately backfired, as the buyer chose to blow the whistle instead.
In September 2024, the fallout from this insider deal transformed into a massive Star Health cyberattack. A threat actor using the alias “xenZen” launched self-hosted data leak bots on Telegram, announcing a full leak of Star Health’s customer data. The actor’s posts on the platform asserted that the data was “sponsored” by Star Health, which had allegedly sold the sensitive information directly to the hacker.
Key Data Compromised in Star Health Cyberattack
According to xenZen, the extent of the data breach is staggering: 7.24 terabytes of information covering over 31 million customers. The leaked data includes comprehensive personal and medical records, insurance claims, sensitive identifiers such as Aadhaar and PAN card photos, detailed medical reports, and more, as reported by The Hindu.
The specifics of the Star Health data breach reveal a concerning level of exposure. The leaked data encompasses an astonishing 31,216,953 customer records and 5,758,425 insurance claims. Alongside these figures, the breach includes a wide array of personal identifiers, such as full names, mobile numbers, email addresses, and residential addresses.
Moreover, sensitive medical details have also been compromised, including information about pre-existing conditions and health reports. The sheer volume of information involved raises significant questions about the company’s data security measures and its ability to protect customer privacy effectively.
The Immediate Aftermath
As news of the breach spread, Star Health faced immediate repercussions. Shares of the company fell by 1.7%, trading at ₹568.1, a reflection of investor panic following the breach. The stock has risen only 4% in 2024 and remains down 37% from its IPO price of ₹900 (US$10.72).
Star Health issued a statement characterizing itself as a victim of a “targeted malicious cyberattack,” and has initiated a comprehensive forensic investigation led by independent cybersecurity experts. The investigation aims to determine the scope of the Star Health data breach and identify responsible parties.
In a twist that adds complexity to the situation, allegations have surfaced that Amarjeet Khanuja, Star Health’s Chief Information Security Officer (CISO), may have been involved in selling the leaked data. While the company maintains that no wrongdoing has been confirmed against him, the seriousness of these claims necessitates a thorough investigation.
Star Health has committed to transparency, stating it is collaborating with government and regulatory authorities throughout the investigation. To mitigate further risks, the Madras High Court has directed relevant parties to disable access to the leaked information, emphasizing the need for immediate remedial action.
Conclusion
This Star Health cyberattack also draws attention to the role of platforms like Telegram in facilitating the distribution of stolen data. Following criticisms directed at Telegram’s founder, Pavel Durov, regarding the platform’s enabling of illegal activities, the Star Health incident highlights the challenges of regulating digital communication tools that can serve as avenues for cybercrime.