Stolen customer data, including sensitive medical reports, from Star Health—India's largest health insurer—is reportedly accessible through chatbots on Telegram. The revelation of the Star Health data leak comes just weeks after concerns were raised about the app's use in facilitating crime, following the arrest of its founder, Pavel Durov.
A security researcher alerted Reuters to the situation, claiming that the chatbots, created by a user identified as "xenZen," offered private details of millions for sale. Star Health and Allied Insurance, with a market capitalization exceeding $4 billion, stated it has reported the unauthorized data access to local authorities. The insurer’s initial assessment indicated "no widespread compromise," asserting that "sensitive customer data remains secure."
However, Reuters found that using the chatbots allowed access to policy and claims documents containing names, phone numbers, addresses, tax details, ID copies, test results, and medical diagnoses.
The creation of such chatbots has significantly contributed to Telegram's growth, making it one of the world's largest messaging platforms, with 900 million monthly active users. Yet, the recent scrutiny of Telegram's content moderation highlights challenges in preventing criminal misuse of its technology.
Overview of the Star Health Data Leak
The Star Health chatbots, operational since at least August 6, were identified by UK-based security researcher Jason Parker. He reported engaging with a user on an online hacker forum who claimed to possess 7.24 terabytes of data related to over 31 million customers. While data is available for free in random snippets via the chatbot, it is also offered for bulk sale.
In tests conducted by Reuters, more than 1,500 files were downloaded, some dated as recently as July 2024. A warning message from the chatbot indicated that if one bot were taken down, another would quickly emerge.
After Reuters alerted Telegram about the chatbots, a spokesperson confirmed they were removed within 24 hours. However, new chatbots began to appear, continuing to offer access to Star Health data.
Star Health reported an unsolicited contact on August 13 from an individual claiming to have accessed its data. The insurer promptly notified the cybercrime department of Tamil Nadu and the federal cybersecurity agency, CERT-In. In an August 14 stock exchange filing, Star Health stated it was investigating an alleged breach involving "a few claims data."
Implications for Cybersecurity in India
Despite the seriousness of the situation, representatives for CERT-In and the Tamil Nadu cybercrime department did not respond to requests for comment.
Telegram allows users to create customizable chatbots that can store and share large amounts of data anonymously. Two chatbots related to Star Health were identified: one offers claim documents in PDF format, while the other allows users to request samples from over 31 million datasets, including policy numbers and personal health metrics.
Among the leaked documents were medical records of a one-year-old child, which included diagnoses and treatment details. The child's father, Sandeep TS, confirmed the authenticity of the documents but stated he had not been notified of any data leak.
Another policyholder, Pankaj Subhash Malhotra, also confirmed the authenticity of leaked documents related to his case, which included sensitive health and tax information. He noted that he had not been informed about any security breach.
This incident is part of a broader trend where hackers exploit platforms like Telegram to sell stolen data. According to a survey by NordVPN, India represented 12% of the five million people whose data was sold via chatbots, making it the largest group of victims.
NordVPN cybersecurity expert Adrianus Warmenhoven commented on the accessibility of sensitive data on Telegram, stating that the platform has become a convenient "storefront" for criminals.
The recent breach at Star Health serves as a stark reminder of the vulnerabilities inherent in our digital landscape. Organizations and individuals alike must prioritize data security and remain vigilant against emerging threats. As these discussions unfold, the importance of protecting sensitive information has never been clearer.