Star Health Hit with $68k Ransom Demand

Star Health received $68,000 ransom demand. Threat actor claims access to customer data. Company denies wrongdoing by security chief.

Star Health and Allied Insurance Co. Ltd. has been caught in the throes of a cyberattack, with a ransom demand of $68,000 issued to regain access to leaked confidential customer data and medical records. The company, in its BSE filing on October 12, disclosed the receipt of a series of emails from a threat actor claiming unauthorized access to sensitive information. The threat actor's demand for a ransom payment of USD 68,000 has shaken the company, prompting a 3.41% decline in Star Health and Allied Insurance shares on the same day. The company, in its exchange filing, acknowledged the cyberattack and asserted that its operations remain unaffected despite the data leak, which occurred on October 9.

The incident has been widely reported in the media, with Mint publishing an article on the company's response to the data leak. The company, in its statement, further clarified that the ransom amount was demanded in exchange for access to the leaked confidential data and medical records. This clarification came following a request from BSE for further details regarding a Reuters report that alleged a potential role of the company's security chief in the data leak.

Star Health, in its statement on October 9, acknowledged being the victim of a targeted malicious cyberattack that resulted in the unauthorized access of confidential customer data and medical records. The company assured that its operations remain unaffected and all services continue without disruption. Despite this, the cyberattack has raised serious concerns about the company's cybersecurity measures. Star Health has since constituted a Risk Management Committee to oversee its cyber security function and has engaged independent third parties to conduct a thorough investigation into the matter. The company, in its statement, has asserted that it has not found any evidence of wrongdoing by its Chief Information Security Officer (CISO) to date.

This incident highlights the growing threat of cyberattacks on businesses and the need for robust cybersecurity measures to protect sensitive data. The incident underscores the importance of proactive cybersecurity measures to safeguard against data breaches and the potential ramifications of such attacks, which can include reputational damage, financial losses, and legal liabilities.

Source: Star Health receives $68,000 ransom demand after customer confidential data leak