Star Health Data Leak: The Call is Coming from Inside the House
India’s number one health insurer, Star Health, was breached for 7.24 TB of data, now being offered for sale by a hacker who claims his source was none other than the CISO of Star Health himself.
In a world that’s becoming increasingly dependent on APIs, API breaches are becoming more and more common every year. And breaches can be especially pernicious in the healthcare industry, where sensitive data is likely to be exposed.
Star Health, an Indian healthcare company, was recently breached by a hacker who identified themself as “xenZen” and had posted the data up for sale on a breach forum for $150,000. Security researcher Jason Parker found it at this point.
When he pressed xenZen for the source of his information, the hacker named the company’s CISO, pointing to email exchanges that seemed to prove this. The email evidence looks legitimate.
“I think it needs to be investigated by an independent government agency,” said Parker.
Star Health has released a statement that they are investigating the data breach, and have reported the breach to multiple insurance and cybersecurity regulatory authorities. However, they have yet to admit the CISOs involvement, stating only:
“CISO has been cooperating in the investigation and we have not arrived at any finding of wrongdoing by him till date."
They are in the process of seeking an injunction against Telegram and Cloudflare to prevent access to private customer information on these platforms. In the meantime, the investigation continues…
One interesting observation here is that, whether there was inside collusion with the threat actor or not, simple access via an API was able to provide a query and data exfiltration point to someone with no network access. Or, as one CISO FireTail recently spoke with put it, “APIs provide a front door to the data.”
As the volume and complexity of API attacks rises steadily year over year, there is often little that everyday users of APIs can do to keep their data secure. Organizations need to stay on top of their API landscapes to keep track of all their endpoints in order to keep private data secure.
Platforms like FireTail can help companies large and small gain full visibility into their API landscapes in order to take preventive measures proactively to keep all their APIs secure. To see how it works, schedule a demo or get started with a free trial, today.
