Star Health Receives $68,000 Ransom Demand After Confidential Customer Data Leaked

Star Health and Allied Insurance Co. Ltd. announced on Saturday (October 12) that the company had received a $68,000 ransom demand to provide access to confidential customer data and leaked medical records, according to the company’s ESB filing.

“The incident involved a series of emails received by Star Health executives, in which the threat actor claimed unauthorized and illegal access to confidential customer data and demanded a ransom of $68,000,” it said. the company in the exchange file.

Shares of Star Health and Allied Insurance closed down 3.41 percent at ₹547.85 after Friday’s trading session, up from ₹567.20 at the previous market close. The company released the ransom amount information on Saturday afternoon.

Mint earlier reported that the company had agreed, for the first time since media reports of its Telegram data leak. Star Health said it was the victim of a cyberattack and its operations were not affected even though the data was leaked on Oct. 9, according to an exchange filing.

The company further clarified the amount of a ransom, which was demanded in exchange for access to confidential customer data and leaked medical records. This clarification came upon BSE’s request for more details on a Reuters report.

“The Stock Exchange sought clarification from Star Health and Allied Insurance Company Ltd on October 11, 2024, with reference to reports in Resuters dated October 11, 2024 citing Star Health in India investigating the alleged role of the security chief in data leak. “, the company said on Friday.

The company also said it has formed a risk management committee, which manages the cybersecurity function, according to the statement.

“We would like to emphasize that our investigations are ongoing and we have engaged competent independent third parties to undertake the exercise. We have not reached any conclusions of wrongdoing on the part of our Chief Information Security Officer (CISO) to date,” the company said in the statement.

Star Health statement dated October 9

Star Health admitted on October 9 that it was the victim of a cyberattack that resulted in the leak of confidential customer data and medical records.

“We acknowledge that we have been the victim of a targeted malicious cyberattack, resulting in unauthorized and illegal access to certain data. We are making it clear that our operations are not affected and all services continue without interruption,” Star Health said.

The company said an investigation by independent cybersecurity experts is ongoing and the company is working with government and regulatory authorities on this investigation.