Star Health Insurance confirms data breach, initiates forensic investigation

India’s leading standalone health insurance provider, Star Health and Allied Insurance Co. Ltd., has confirmed that it fell victim to a targeted malicious cyberattack, resulting in unauthorized access to certain customer data. The company, however, assured stakeholders that its operations remain unaffected and services continue without disruption, as per the official statement issued on Wednesday, October 9.

In its statement, Star Health emphasized that it is conducting a thorough forensic investigation led by independent cybersecurity experts. The company works closely with government and regulatory bodies, including insurance and cybersecurity authorities, and has filed a criminal complaint to further investigate the breach.

The company has also obtained an order from the Madras High Court directing all relevant parties, including third parties, to disable access to the compromised data. “We are diligently pursuing implementing this order,” Star Health stated.

The company’s Chief Information Security Officer (CISO), Amarjeet Khanuja, is actively cooperating in the investigation, and no evidence of misconduct has been found against him thus far.

Star Health has urged all platforms, hosting providers, social media channels, and users to comply with the court’s directives and take swift action to prevent the dissemination of customer data. The insurer reiterated that the unauthorized possession or dissemination of customer data is illegal.

Despite the breach, Star Health’s shares rose 1.25% to close at ₹577.65 on Wednesday, up from ₹570.50 the previous day. The incident follows a report by Reuters on September 20, which indicated that Star Health’s customer data, including medical records, was accessible via chatbots on Telegram. At the time, the company responded by stating that no widespread data compromise had occurred and sensitive customer data remained secure.