Star Health customer medical records leaked on Telegram chatbots: Report

The two chatbots in question distribute Star Health data, one offering claim documents in PDF format and the other enabling users to request up to 20 samples from a vast dataset.

September 21, 2024 / 09:37 IST
Two chatbots distribute Star Health data. One offers claim documents in PDF format.

In a staggering breach of privacy, customer data—including sensitive medical records—from India’s largest health insurer, Star Health, is now publicly available via chatbots on Telegram, according to a report by Reuters. This alarming situation arose just weeks after Telegram's founder faced allegations of enabling criminal activities through the app.

A security researcher alerted Reuters about the issue, revealing that a user claiming to operate the chatbots, known as "xenZen," asserted that the private details of millions are for sale. The chatbots allow users to request samples of this stolen data, which includes names, phone numbers, addresses, tax information, ID copies, medical test results, and diagnoses.

Star Health and Allied Insurance, valued at over $4 billion, confirmed to Reuters that they have reported the unauthorised access to local authorities. They stated that their initial assessment found "no widespread compromise" and that "sensitive customer data remains secure." However, Reuters managed to download numerous policy and claims documents through the chatbots, raising serious concerns about data security.

Telegram's user-friendly chatbot feature has significantly contributed to its growth, with 900 million active users worldwide. Yet, the recent arrest of founder Pavel Durov in France has intensified scrutiny of the app's content moderation and its vulnerability to misuse.

The Star Health chatbots, operational since at least August 6, reportedly boast access to a staggering 7.24 terabytes of data belonging to over 31 million customers. The data is available piecemeal for free but can also be purchased in bulk. Although Reuters could not independently verify xenZen’s claims or how the data was obtained, they did confirm the existence of a thriving marketplace for this stolen information.

In testing the bots, Reuters successfully downloaded over 1,500 files, with some documents dating back to July 2024. One message within the bot ominously stated, "If this bot gets taken down, watch out; another one will be available in a few hours," indicating the persistent nature of this illicit activity.

After being notified by Reuters, Telegram marked the chatbots as "SCAM" and reported that they were taken down within 24 hours. However, new chatbots offering the same stolen data have already surfaced, highlighting the ongoing challenges Telegram faces in combating such misuse.

Star Health revealed they were first contacted about the breach on August 13, prompting them to report the matter to the cybercrime department in Tamil Nadu and India’s federal cybersecurity agency, CERT-In. In a statement, they emphasized the illegality of unauthorized data acquisition and their commitment to customer privacy.

In an August 14 stock exchange filing, Star Health acknowledged that they were investigating an alleged breach affecting "a few claims data." Representatives from CERT-In and the Tamil Nadu cybercrime department have not responded to requests for comment.

Telegram's platform allows users to store and share significant amounts of data through anonymous accounts and create customisable chatbots that respond to user requests. The two chatbots in question distribute Star Health data, one offering claim documents in PDF format and the other enabling users to request up to 20 samples from a vast dataset.

Among the leaked documents were medical records related to a one-year-old girl treated in Kerala, revealing diagnoses, blood test results, and hospital bills. One affected policyholder, Sandeep TS, confirmed the authenticity of the documents, expressing concern that Star Health had not notified him about the breach.

Another leaked claim included sensitive information belonging to Pankaj Subhash Malhotra, including ultrasound test results and copies of tax and national ID cards. He, too, was unaware of any security breach.

This incident is part of a growing trend where hackers leverage chatbots to sell stolen data. A recent survey by NordVPN found that India represents the largest share of victims, accounting for 12% of five million individuals whose data was sold via chatbots.

NordVPN cybersecurity expert Adrianus Warmenhoven stated, "The availability of sensitive data on Telegram is no surprise, as the platform has become an easy-to-use storefront for criminals." The urgency for robust cybersecurity measures in Indian companies has never been clearer.

Aishwarya Dabhade
first published: Sep 20, 2024 10:37 am
