Star Health, the leading health insurance provider in India, announced on Saturday that it has been targeted with a ransom demand amounting to $68,000 following the unauthorized release of patient information and medical records.
With a market capitalization of approximately $4 billion, Star Health is facing significant reputational and operational challenges after reports emerged on September 20 detailing how a cybercriminal exploited Telegram chatbots and a dedicated website to disclose sensitive information belonging to its clients, such as tax documents and claims data.
As shares of the company fell by 11%, Star has initiated internal reviews and pursued legal actions against both Telegram and the involved hacker, who continues to distribute portions of customer information through their platform.
In a statement released on Saturday, Star disclosed for the very first occasion in August, the perpetrator had sent an email to the company’s top executives demanding a ransom of $68,000. This revelation follows a request from Indian stock exchanges for further information about an investigation into claims suggesting that the chief security officer might have had a role in the data breach.
Star Health reiterated that, to date, no misconduct has been identified concerning its security officer, Amarjeet Khanuja, although the inquiry remains active.
In response to the situation, Telegram has refused to provide details about the hacker's accounts or to enact a permanent ban on those associated with the threats, despite Star Health’s multiple requests for accountability.
The firm mentioned that it has sought guidance from Indian cybersecurity experts to assist them in tracking down the hacker.
Telegram has not provided any commentary regarding the issue. Previously, the messaging service stated that it had acted to remove the problematic chatbots after they were made aware of it by a news outlet.