Written by: Jayati Dubey
September 20, 2024
Sensitive customer data, including medical reports from Star Health and Allied Insurance, India’s largest standalone health insurer, has been leaked and is accessible via chatbots on the messaging platform Telegram.
This comes just weeks after Telegram’s founder, Pavel Durov, faced accusations of allowing the platform to be used for criminal purposes.
Reportedly, millions of people’s private information is now for sale, with samples accessible through chatbots.
Star Health, which boasts a market capitalization of over $4 billion, issued a statement acknowledging the alleged unauthorized access to customer data.
The insurer assured the public that it had reported the issue to local authorities and, after conducting an initial assessment, claimed there was “no widespread compromise” and that “sensitive customer data remains secure.”
However, investigations have revealed that documents containing personal details such as names, phone numbers, addresses, tax information, and medical diagnoses have been made accessible via Telegram’s chatbots.
Telegram, a Dubai-based messaging app with over 900 million active monthly users, is known for allowing users to create customizable chatbots that automate responses and provide content based on user requests.
This feature, while useful, has been exploited by cybercriminals who use it to sell stolen data. The leaked Star Health data has been traced to two Telegram chatbots that distribute documents such as policy claims, medical test results, and personal identification information.
The breach highlights the challenges companies like Star Health face in safeguarding customer information and the difficulties Telegram encounters in preventing its technology from being misused for illegal activities.
UK-based security researcher Jason Parker, who discovered the data leak, stated that the chatbots have been operational since at least August 6.
He shared details about his interaction with an individual going by the alias “xenZen,” who claimed to have created the chatbots and possessed 7.24 terabytes of data related to over 31 million Star Health customers.
According to xenZen, samples of the data were available for free through the chatbot, while the entire dataset was for sale in bulk.
Parker discovered the chatbots after posing as a buyer on an online hacker forum.
As per reports, more than 1,500 files could be downloaded via the chatbots, with some documents dated as recently as July 2024.
After being informed of the breach, Telegram acted quickly to take down the chatbots. Remi Vaughn, a spokesperson for Telegram, stated that the company removed the chatbots within 24 hours of being notified.
Vaughn emphasized that “the sharing of private information on Telegram is expressly forbidden and is removed whenever it is found,” adding that Telegram’s moderators use a combination of proactive monitoring, AI tools, and user reports to remove millions of pieces of harmful content daily.
Despite Telegram’s efforts, new chatbots offering the same stolen Star Health data have since surfaced, underscoring the platform’s ongoing struggle with moderating illicit activities.
Among the data leaked by the chatbots were medical records of Star Health policyholders. One such record pertained to the treatment of the one-year-old daughter of Sandeep TS, a policyholder from Kerala.
The documents included sensitive information such as diagnoses, blood test results, medical history, and a hospital bill amounting to INR 15,000 ($179).
Another affected customer, Pankaj Subhash Malhotra, also confirmed the authenticity of his leaked records, which included ultrasound imaging, details of his illness, and copies of his federal tax and national ID cards. Like Sandeep, Malhotra was unaware of any breach prior to being contacted.
Star Health first became aware of the breach when an unidentified individual contacted the company on August 13, claiming to have access to its data.
The insurer promptly reported the matter to the cybercrime department of its home state, Tamil Nadu, as well as to the Indian Computer Emergency Response Team (CERT-In), a federal cybersecurity agency.
In a statement, Star Health reiterated its commitment to protecting customer privacy, stating, “The unauthorized acquisition and dissemination of customer data is illegal, and we are actively working with law enforcement to address this criminal activity.”
However, in an August 14 filing with the stock exchange, Star Health admitted that it was investigating an alleged breach of “a few claims data.”
Despite these actions, many affected customers remain unaware of the breach, raising concerns about the transparency and timeliness of the insurer’s response.
Telegram, which allows users to store and share large amounts of data through anonymous accounts, has faced increased scrutiny in recent months due to its potential misuse for illegal activities.
Telegram chatbots, in particular, have become a popular tool for cybercriminals to sell stolen data.
These chatbots offer automated responses to user queries, making it easy for criminals to provide illicit content, including personal information, on demand.
In the case of Star Health, two chatbots were distributing policy claims and personal details such as body mass index and policy numbers. Users could request up to 20 records from the 31.2 million datasets available, all with a single click.
The Star Health breach is part of a broader trend of hackers using Telegram and other platforms to sell stolen data.
According to a 2022 report from cybersecurity firm NordVPN, India accounted for 12% of victims whose data was sold via chatbots, the largest percentage globally.
NordVPN cybersecurity expert Adrianus Warmenhoven noted, “The fact that sensitive data is available via Telegram is natural because Telegram is an easy-to-use storefront.”
India, with its growing reliance on digital platforms, faces unique challenges in protecting data from cybercriminals.
The rise in cybercrime, combined with the use of platforms like Telegram, presents a significant threat to individuals’ privacy and companies’ security.