SURYAA

Home

Telugu Version

English Version

Latest Updates National International Telangana Andhra Pradesh Cinema Business Sports

Let's get Social

Facebook Twitter Google +

Legal services firm asks govt to probe Star Health data breach

 

by IANS |

New Delhi, Oct 14 (IANS) Software Freedom Law Centre India (SFLCI), a Delhi-based legal services organisation, on Monday wrote to the national cyber agency Indian Computer Emergency Response Team (CERT-In) to initiate a probe into the data breach by Star Health and Allied Insurance, one of the largest health insurers in the country, and also to prevent such data leaks in the future.


Highly sensitive personal information including names, phone numbers, residences, tax information, ID copies, test results, and diagnoses of Star Health customers was reportedly available on Telegram. A hacker put the entire 7.24 TB data, allegedly belonging to its over 3.1 crore customers, for open sale on a website for $150,000. Star has also received a ransom demand of $68,000.


“It is highly problematic that sensitive medical information has been leaked, as it exposes customers to potential frauds by bad actors in the health sector such as predatory insurance agencies and laboratories,” the SFLCI said.


“Medical information is confidential and must be afforded higher protection and held to a higher standard of accountability. A data breach of medical information must be addressed with urgency, as there is a high potential for misuse of medical data,” added the firm in the letter to CERT-In, under the Ministry of Electronics and Information Technology.


The SFLCI mentioned that the consequences of the data breach can be severe, and can range “from identity theft and impersonation to emotional distress with long-term fears of misuse of their personal information”.


The organisation said that in light of several recent large-scale data breaches, including Aadhaar and CoWIN, in the country “we urge CERT-in to investigate such data breaches immediately”.


In October 2023, the Aadhaar data of around 81 crore citizens was allegedly leaked, and in July 2023, the alleged CoWIN data breach also resulted in the exposure of sensitive personal information.


Further, the firm called for notifying rules under the Digital Personal Data Protection Act, 2023.


Until this is done India will not have an effective “data protection regime to address such harms”, the organisation said.


It further informed that Section 70B of the Information Technology Act empowers CERT-in to conduct security audits and respond to data breaches. Rule 8 of the CERT-in Rules requires CERT-in to respond to cyber security incidents. Rule 9 requires an analysis of such incidents.

Latest News
Bihar: Youth lynched in Patna outskirts Mon, Oct 14, 2024, 05:04 PM
BJP seeks Karnataka Guv's intervention to revoke cabinet decision on withdrawal of Hubballi riot cases Mon, Oct 14, 2024, 04:51 PM
Sensex jumps up 591 points, realty and banking stocks shine Mon, Oct 14, 2024, 04:49 PM
Karnataka BJP stages protest against withdrawal of Hubballi riot case Mon, Oct 14, 2024, 04:47 PM
'Help people': DMK directs cadre after IMD predicts heavy rains in TN Mon, Oct 14, 2024, 04:44 PM