

Star Health and Allied Insurance, one of India’s biggest health insurance firms, is investigating a cybersecurity incident that allegedly leaked sensitive data associated with its customers, including their medical records.

The Chennai-headquartered insurance giant told TechCrunch that a “forensic investigation” is ongoing after data allegedly stolen from the company was shared online.

A hacker group recently created chatbots on Telegram to leak alleged personal data of Star Health’s policyholders, including their full names, phone numbers, and home addresses, as well as medical reports and insurance claims. The data also appeared to include copies of ID cards and individuals’ tax details.

Reuters first reported the Telegram chatbots leaking the alleged Star Health customer data. Star Health says it has provided coverage to 170 million individuals to date.

The hacker group created a website to share the data, with links to the Telegram bots. The site, which TechCrunch has seen but is not linking to as it appears to contain sensitive personal information, also included a video allegedly showing screenshots and conversations between Star Health CISO Amarjeet Khanuja and the hacker group.

Star Health declined to comment when reached by TechCrunch with several questions about the incident.

“Given the circumstances, it would be premature for a listed entity to release a statement without completing a thorough investigation,” Star Health spokesperson Diana Monteiro said in an email.

Earlier on Thursday, Star Health said in a public notice in the Chennai edition of The Hindu newspaper, which TechCrunch has seen, that it was suing Telegram for hosting the chatbots. The insurer also named Cloudflare in its lawsuit for its role in hosting the hacker group’s website on its service.

As a result, the court issued interim injunctions to Telegram and Cloudflare to restrict them from allowing their platforms to be used by the hacker group to share Star Health’s branding in any form.

TechCrunch was able to verify that the hacker group’s website was inaccessible from certain internet providers in India, though the site was accessible from others at press time. Even when the website was blocked, it was redirecting to a web address hosted on a Cloudflare domain.

When asked by TechCrunch if it was aware of the internet blocks, India’s CERT-In said in a brief boilerplate statement that it is “already in process of taking appropriate action with the concerned authority.”

The insurer, which has more than 14,000 hospitals in its network and over 850 branch offices across India, has processed over $3.6 billion in claims so far. It provides health, personal accident, and overseas and travel insurance.

A spokesperson for Telegram did not provide comment when reached by TechCrunch on Thursday. Cloudflare did not respond to a request for comment.

Updated with response from CERT-In.
