Cloudflare Denies Hosting Websites Involved in Star Health Data Breach

The firm noted that seeing a Cloudflare IP address does not imply the company is responsible for hosting the website.

US software company Cloudflare has denied any involvement in hosting two websites allegedly offering stolen personal data and medical records of customers from Star Health, one of India's top insurers.

This denial comes after Cloudflare was named in a lawsuit filed by Star Health last week, accusing the firm of hosting the websites linked to the data breach.

In a statement to Reuters, Cloudflare clarified that it does not host the domains in question. The company explained that it functions as a pass-through service, facilitating the connection between a website's host and end-users.

The firm noted that seeing a Cloudflare IP address does not imply the company is responsible for hosting the website.

StarHealth's Lawsuit Targets Telegram & Hacker

In addition to Cloudflare, Star Health has also filed lawsuits against the messaging platform Telegram and the hacker xenZen, who reportedly offered sensitive customer data through Telegram chatbots.

The leaked data included phone numbers, copies of identity cards, and medical records such as blood reports. As of Sunday, the websites and Telegram bots distributing the data were no longer accessible.

Star Health's legal action follows an earlier assessment that found "no widespread compromise" of its sensitive data, asserting that customer information remains secure.

The insurer has secured a temporary injunction from a Tamil Nadu court, ordering Telegram and the hacker to block any chatbots or websites in India that share the stolen data.

Background of the Breach

Sensitive customer data from Star Health and Allied Insurance, including medical reports and personal identification, has been accessible via Telegram chatbots for weeks, with millions of

records reportedly for sale.

Star Health became aware of the breach on August 13 and has since reported the issue to local authorities, including CERT-In and Tamil Nadu Cybercrime.

Despite the company’s assurance that sensitive data remains secure, investigations suggest significant private information has been leaked, raising concerns about the company’s transparency.

Telegram's Response

Telegram, widely known for its customizable chatbots that automate responses and deliver user-requested content, has come under scrutiny for its use by cybercriminals.

Telegram, responding to the lawsuit, stated that any newly created bots attempting to share the data had likely been removed during a recent sweep of its content.

The lawsuit comes amid global scrutiny of Telegram, following the arrest of its founder Pavel Durov in France over concerns related to illegal activities on the platform.

Stay tuned for more such updates on Digital Health News.