Star Health and Allied Insurance, one of India’s largest health insurers, is investigating a cybersecurity incident in which confidential data of its customers, including medical records, was allegedly leaked.
The Chennai-headquartered insurance giant told TechCrunch that a “forensic investigation” was underway after data allegedly stolen from the company was shared online.
A hacker group recently created chatbots on Telegram to allegedly leak personal information of Star Health policyholders, including their full names, phone numbers and home addresses, as well as medical reports and insurance claims. The data also appeared to include copies of individuals’ ID cards and tax information.
Reuters first reported the Telegram chatbots that allegedly leaked Star Health customer data. Star Health says it has coverage for 170 million dating individuals.
The hacker group created a website where they shared the data with the links to the Telegram bots. The site, which TechCrunch has seen but is not linking to because it appears to contain sensitive personal information, also contained a video purporting to show screenshots and conversations between Star Health CISO Amarjeet Khanuja and the hacker group.
Star Health declined to comment when TechCrunch asked several questions about the incident.
“Under the circumstances, it would be premature for a publicly traded company to make a statement without conducting a thorough investigation,” Star Health spokeswoman Diana Monteiro said in an email.
Earlier on Thursday, Star Health had said in a public notice in the Chennai edition of The Hindu newspaper, seen by TechCrunch, that it was suing Telegram for hosting the chatbots. The insurer also referred to Cloudflare in its complaint as the company had hosted the hacker group’s website on its service.
The court issued preliminary injunctions to Telegram and Cloudflare to prevent them from allowing the hacker group to use their platforms to distribute Star Health’s branding in any way.
TechCrunch was able to confirm that the hacking group’s website was unreachable from certain internet providers in India, although it was accessible from others at press time. Even when the site was blocked, it redirected to a web address hosted on a Cloudflare domain.
The insurer, which has more than 14,000 hospitals in its network and over 850 branches across India, has settled over $3.6 billion in claims to date. It offers health, accident, foreign and travel insurance.
Telegram, Cloudflare and India’s CERT-In did not respond to requests for comment.
