Irdai to increase scrutiny of cyber security breaches after Star Health episode – ET CISO
https://etimg.etb2bimg.com/thumb/msid-114138567,imgsize-5880,width-1200,height=765,overlay-etciso/ot-security/irdai-to-increase-scrutiny-of-cyber-security-breaches-after-star-health-episode.jpg
The Insurance Regulatory and Development Authority (Irdai) is intensifying scrutiny of cyber security lapses in the insurance sector after Star Health Insurance, one of the country’s largest health insurers, suffered a major data breach.
Over 31 million customers’ sensitive personal information was allegedly sold to hackers, seen as one of the most severe breaches in the insurance industry.
“Irdai sees this data leak as a very serious issue,” a person said, adding that other insurers would also need to review their data security policies. “As more sensitive data flows into insurance firms, there is a need for stronger cybersecurity. The regulator wants to ensure that every insurer applies the best possible security measures, including regular audits and updates to safeguard data.”
Irdai will wait for an audit report to identify the gaps and issue instructions. The regulator has asked Star Health to extensively audit the company’s cybersecurity framework. The audit, led by an external firm, is expected to identify control gaps and recommend compliance measures to prevent future data thefts.
The breach, linked to the company’s chief information security officer (CISO) Amarjeet Khanuja, surfaced after a hacker going by the alias “xenZen” claimed Khanuja had sold the data and later tried to renegotiate for more money in exchange for continued backdoor access.