SFLCI Asks CERT-In To Probe Into Star Health Data Breach

New Delhi: Software Freedom Law Centre India (SFLCI), a Delhi-based legal services organisation, on Monday wrote to the national cyber agency Indian Computer Emergency Response Team (CERT-In) to initiate a probe into the data breach by Star Health and Allied Insurance, one of the largest health insurers in the country, and also to prevent such data leaks in the future.

Highly sensitive personal information including names, phone numbers, residences, tax information, ID copies, test results, and diagnoses of Star Health customers was reportedly available on Telegram. A hacker put the entire 7.24 TB data, allegedly belonging to its over 3.1 crore customers, for open sale on a website for $150,000. Star has also received a ransom demand of $68,000.

“It is highly problematic that sensitive medical information has been leaked, as it exposes customers to potential frauds by bad actors in the health sector such as predatory insurance agencies and laboratories,” the SFLCI said. “Medical information is confidential and must be afforded higher protection and held to a higher standard of accountability. A data breach of medical information must be addressed with urgency, as there is a high potential for misuse of medical data,” added the firm in the letter to CERT-In, under the Ministry of Electronics and Information Technology.

The SFLCI mentioned that the consequences of the data breach can be severe, and can range “from identity theft and impersonation to emotional distress with long-term fears of misuse of their personal information”. The organisation said that in light of several recent large-scale data breaches, including Aadhaar and CoWIN, in the country “we urge CERT-in to investigate such data breaches immediately”.