India’s largest health insurer Star Health has reportedly become the victim of a data breach, with sensitive information on more than 31 million customers leaked via chatbots on Telegram.
Reuters was alerted to the issue by a security researcher who is in communication with the creator of the chatbots. The chatbot creator claimed that the private details of millions of people, including medical reports, were for sale and that samples could be viewed by simply asking the chatbots.
Star Health said in a statement to Reuters that it reported suspected unauthorized data access to local authorities and that an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure”.
Unfortunately, using the chatbots, Reuters was able to download policy and claims documents which included:
- Names
- Phone numbers
- Addresses
- Tax details
- Copies of ID cards
- Test results
- Medical diagnoses
The Star Health chatbots feature a welcome message stating they have been operational since at least Aug. 6, said UK-based security researcher Jason Parker.
This comes just weeks after Telegram’s founder and CEO Pavel Durov was accused of allowing the messenger app to facilitate crime. Durov and Telegram denied any wrongdoing.
Telegram is one of the world’s largest messenger apps with 900 million active monthly users.
Emily Phelps, VP, Cyware had this to say:
“Healthcare is one of the most sensitive sectors when it comes to security, given the highly personal nature of the data it handles. Breaches like this one underscore the risks when sensitive health data is exposed. To effectively safeguard healthcare infrastructure, a collective defense approach is essential. Sharing threat intelligence across trusted organizations allows us to anticipate and neutralize threats before they cause widespread harm. Shifting from reactive security models to proactive and adopting collaborative strategies that prioritize both the privacy and safety of patients is paramount.”
I am kind of floored that you can get such sensitive information simply by asking the chatbot. In short, someone has a lot of explaining to do as this should simply not happen.
Like this:
Like Loading...
Related
This entry was posted on September 24, 2024 at 8:10 am and is filed under Commentary with tags Telegram. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Top Indian Health Insurer Compromised By Telegram Chatbots
India’s largest health insurer Star Health has reportedly become the victim of a data breach, with sensitive information on more than 31 million customers leaked via chatbots on Telegram.
Reuters was alerted to the issue by a security researcher who is in communication with the creator of the chatbots. The chatbot creator claimed that the private details of millions of people, including medical reports, were for sale and that samples could be viewed by simply asking the chatbots.
Star Health said in a statement to Reuters that it reported suspected unauthorized data access to local authorities and that an initial assessment showed “no widespread compromise” and that “sensitive customer data remains secure”.
Unfortunately, using the chatbots, Reuters was able to download policy and claims documents which included:
The Star Health chatbots feature a welcome message stating they have been operational since at least Aug. 6, said UK-based security researcher Jason Parker.
This comes just weeks after Telegram’s founder and CEO Pavel Durov was accused of allowing the messenger app to facilitate crime. Durov and Telegram denied any wrongdoing.
Telegram is one of the world’s largest messenger apps with 900 million active monthly users.
Emily Phelps, VP, Cyware had this to say:
“Healthcare is one of the most sensitive sectors when it comes to security, given the highly personal nature of the data it handles. Breaches like this one underscore the risks when sensitive health data is exposed. To effectively safeguard healthcare infrastructure, a collective defense approach is essential. Sharing threat intelligence across trusted organizations allows us to anticipate and neutralize threats before they cause widespread harm. Shifting from reactive security models to proactive and adopting collaborative strategies that prioritize both the privacy and safety of patients is paramount.”
I am kind of floored that you can get such sensitive information simply by asking the chatbot. In short, someone has a lot of explaining to do as this should simply not happen.
Share this:
Like this:
Related
This entry was posted on September 24, 2024 at 8:10 am and is filed under Commentary with tags Telegram. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.