Massive amounts of patient information from Star Health Insurance customers has been leaked online following a high level data breach.
The leaked personal data includes mobile numbers, PAN, addresses as well as information about pre-existing medical conditions of over 31 million customers.
Star Health Insurance is an Indian multinational health insurance company that is headquartered in Chennai. It offers a range of health, personal accident, and overseas travel insurance policies to millions of consumers.
Hacker Claims Star Health CISO Sold Patient Data
The hacker, identified as ‘xenZen’ claims that Star Health Insurance's CISO was a key and intentional player in the data breach and received $150,000 for selling 7.24 terabytes of data.
The threat actor also accused CISO, Amarjeet Khanuja of later attempting to change the deal terms to demand more money for accessing the data on the Star Health’s servers.
"I am leaking all Star Health India customers and insurance claims sensitive data. This leak is sponsored by Star Health and Allied Insurance Company, who sold this data to me directly." xenZen claimed in a statement.
Read: Patient Data Leaked Following Change Healthcare Cyber Attack
However, the Star Health Insurance firm has stood by their CISO and stated that they have not found any evidence of wrongdoing.
“We request that his privacy be respected, as we know that the threat actor is trying to create panic. We also want to emphasise that any unauthorised acquisition, possession, or dissemination of customer data is illegal.” A statement read.
The company also confirmed that a ‘thorough and rigorous forensic investigation’ into the breach was underway and being led by ‘independent cybersecurity experts.’ Star Health are also working closely with the government as well as regulatory authorities as the investigation progresses
Day to day operations with Star Health are unaffected by the data breach and all services are continuing without disruption.
What To Do If Your Data Has Been Leaked in the Star Health Data Breach?
Having sensitive personal data leaked can be incredibly distressing. It's important to remember that by taking proactive steps, you can reduce the potential risks and protect your personal information.
Update passwords for all online accounts that may have been compromised, including email, social media, and online banking. Use strong, unique passwords for each account and enable multi-factor authentication.
Keep an eye on your bank and credit card statements for any unusual activity. Report any suspicious transactions immediately and consider freezing your credit.
Be aware that your information being compromised may make you a target for social engineering and phishing scams. These scams often involve impersonating trusted individuals or organizations using information they already have about you to convince you to hand over money or further details. Remain skeptical of anyone asking you for information.
The Star Health data breach serves as a stark reminder of the vulnerabilities within the healthcare system handling sensitive patient data and the importance of robust cybersecurity measures.
It is vital that organizations invest in developing and implementing comprehensive response plans, prioritize data security solutions, and remain vigilant against evolving cyber threats.
