Star Health and Allied Insurance, one of India’s largest health insurance companies, is investigating a cybersecurity incident in which sensitive data, including medical records related to its customers, was allegedly compromised.
The Chennai-based insurance giant told TechCrunch that a “forensic investigation” is underway after data allegedly stolen from the company was shared online.
A group of hackers recently created a chatbot on Telegram that allegedly leaked Star Health policyholders’ personal data such as their names, phone numbers and home addresses, as well as medical reports and insurance claims. This data also appears to include copies of ID cards and personal tax statements.
Reuters first reported that a Telegram chatbot leaked Star Health customer data. Star Health says it has provided insurance to 170 million people so far.
A group of hackers has created a website to share data that includes links to Telegram bots. The site, which TechCrunch has seen but is not linking to because it appears to contain sensitive personal information, includes screenshots and conversations between Star Health CISO Amarjeet Khanuja and the hacker group. It also included a video that was allegedly shown.
Star Health declined to comment on several questions about the incident from TechCrunch.
“Given the circumstances, it would be premature for a publicly traded company to issue a statement without completing a thorough investigation,” Star Health spokeswoman Diana Monteiro said in an email.
Earlier on Thursday, Star Health announced in a public notice in the Chennai edition of The Hindu, seen by TechCrunch, that it would sue Telegram for hosting the chatbot. The insurance company also named Cloudflare in the lawsuit for its role in hosting the hacker group’s website on its service.
As a result, the court issued a preliminary injunction against Telegram and Cloudflare restricting the hacker group from using their platforms to share Star Health’s brand in any way.
TechCrunch was able to confirm that the hacker group’s website was inaccessible from certain internet providers in India, but was accessible from other providers at the time of writing. Even where the website was blocked, it was redirected to a web address hosted on a Cloudflare domain.
When asked by TechCrunch if it was aware of the internet block, India’s CERT-In said in a standard statement: “We are already taking appropriate steps with the relevant authorities.”
Star Health has over 14,000 hospitals in its network and over 850 branches across India, and has processed over $3.6 billion in claims to date. It provides health insurance, personal accident insurance, overseas insurance, and travel insurance.
A Telegram spokesperson had no comment when contacted by TechCrunch on Thursday. Cloudflare did not respond to a request for comment.
Updated with response from CERT-In.