Star Health receives $68,000 ransom demand after leak of confidential customer data

Star Health and Allied Insurance Co. Ltd. announced on Saturday, October 12 that the company had received a $68,000 ransom demand for providing access to confidential customer data and leaked medical records, according to the company’s BSE filing.

“The incident involved a series of emails received by senior Star Health executives, in which the threat actor claimed unauthorized and illegal access to confidential customer data and demanded a ransom of 68,000 dollars,” the company said in the exchange’s filing.

Shares of Star Health and Allied Insurance closed 3.41 percent lower ₹547.85 after Friday’s trading session, compared to ₹567.20 at the previous market close. The company released the information related to the ransom amount on Saturday afternoon.

mint previously reported on the company’s acceptance, the first since media reports surfaced about its Telegram data leak. Star Health said it was the victim of a cyberattack and its operations were not affected despite the data breach on Oct. 9, according to an exchange filing.

The company clarified more about a ransom amount, which was demanded in exchange for access to confidential customer data and leaked medical records. This clarification came at the BSE’s request for more details on a Reuters report.

“The Exchange has sought clarifications from Star Health and Allied Insurance Company Ltd on 11 October 2024, with reference to news appearing in Resuters dated 11 October 2024 citing Star Health India’s probes about the security chief’s alleged role in the data leak.” ” the company said on Friday.

The company also said it has established a Risk Management Committee, which is responsible for the cybersecurity function, according to the statement.

“We would like to emphasize that our investigations are ongoing and we have engaged competent independent third parties to carry out the exercise. To date we have not come to any findings of wrongdoing by our Chief Information Security Officer (CISO ),” the company said in the statement.

Statement by Star Health on October 9

Star Health admitted on Oct. 9 that it was the victim of a cyberattack that led to the leak of confidential customer data and medical records.

“We acknowledge that we were the victims of a targeted malicious cyber attack, which resulted in unauthorized and illegal access to certain data. We make it absolutely clear that our operations are not affected and that all services continue without interruption,” he said. say Star Health.

The company said an investigation led by independent cybersecurity experts is underway as the company works with government and regulatory authorities to investigate.