Top health insurance firm hacked, sensitive customer data including medical records leaked online

Star Health and Allied Insurance, one of the biggest health insurance organizations in India, has suffered a cyberattack that saw sensitive customer data stolen and then leaked on Telegram via a number of bots.

The information stolen and subsequently leaked included people’s full names, phone numbers, postal addresses, medical reports, and insurance claims.

Furthermore, for some people it included copies and scans of ID cards and certain tax details – more than enough information to run identity theft campaigns, phishing, and possibly even wire fraud.

Investigation under way

When Star Health and Allied Insurance learned of the breach, it moved to contain it. Since the data was leaking via Telegram, it sued the instant messaging platform for facilitating crime. Hackers apparently also propped up websites to hold the data, which were hosted on Cloudflare, which is allegedly being mentioned in the lawsuit, too.

A local court issued a legal order, forcing Telegram and Cloudflare to restrict access to the stolen information, which appaears to have been only partially successful, since the sites are still accessible from some ISPs in the country – and it’s not known if the bots are still active on Telegram.

At press time, the victim did not yet issue any statement. It told TechCrunch a “forensic investigation” is underway, and added that it would be premature for a public company to comment before the investigation is concluded.

We don’t know exactly how many customers are affected by this incident. According to Life Insurance International – everyone, and that means more than 31 million people. The stolen data reportedly totalled 7.24 terabytes. We also don’t know if this is the work of a ransomware organization, and if the company was asked for payment to keep the data private. The breach happened in August.

Via TechCrunch

More from TechRadar Pro

• Millions of Toyota drivers have had data exposed – here’s what you need to know
• Here’s a list of the best firewalls around today
• These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.