The Star Health Data Breach: Who Is at Fault? Update on the Investigation and IRDAI's Reaction
The recent Star Health Insurance data breach, which exposed the private information of over 31 million clients, has raised significant concerns about regulatory supervision and responsibility in the Indian insurance industry. Here is what we now know about accountability, the status of the inquiry, and the steps taken by the Insurance Regulatory and Development Authority of India (IRDAI).
Who Is Responsible?
The hacker xenZen's first accusation raised the possibility of involvement from inside the company. According to the hacker, the Chief Information Security Officer (CISO) of Star Health allegedly offered data for $28,000 but later increased the price to $150,000, resulting in a botched transaction. However, Star Health has denied these allegations, claiming that no internal involvement occurred. Responsibility is still a complicated matter: the Information Technology Act of 2000 and the recently passed Digital Personal Data Protection Act of 2023 both require businesses to secure sensitive personal data and put preventive measures in place.
Developments in the Investigation
To understand the incident and stop further data leaks, Star Health started a forensic investigation with outside cybersecurity specialists. The business also filed a case with the Madras High Court, which ordered Telegram and other platforms to block access to the compromised data. To comply, Telegram removed the bots that were actively sharing sensitive customer data. Regulators are still keeping an eye on the matter, though, as no formal report on the results of the internal probe has been made public yet.
IRDAI's Reaction
Ensuring that insurance businesses adhere to cybersecurity and data privacy requirements is the responsibility of India's insurance regulator, the IRDAI. IRDAI has been keeping a careful eye on Star Health's adherence to its Cybersecurity and Cyber Resilience Framework since the hack. This framework was established in 2017 and mandates that insurers have robust data protection procedures, risk assessments, and incident management plans. Though it hasn't yet announced any fines or new rules for Star Health, IRDAI is anticipated to call for openness and enhancements to the business's data security protocols. IRDAI may review and perhaps improve its cybersecurity standards for the industry as a result of the hack.
What Comes Next?
The Star Health incident has brought to light significant flaws in data management procedures and regulatory supervision in the Indian insurance sector. To ensure compliance with IRDAI recommendations and current privacy legislation, the company and regulators may need to examine and strengthen data protection policies as the inquiry goes on. More updates are expected as IRDAI assesses the effectiveness of Star Health's reaction and puts any further regulatory measures in place to stop such situations in the future. The situation is still being closely monitored.