A petition has been filed in the Madras High Court raising concerns over a data breach at Star Health Insurance Limited. The petitioner, Himanshu Pathak, founder of the cybersecurity firm CyberX9, has also filed an interim injunction seeking to suspend Star Health’s online operations.
Court Hearing and Central Government’s Role
The case was heard by Justice Dhandapani on Monday, with the judge stating that a decision would be made on Thursday (17th October 2024) regarding whether the Central Government had the authority to take action against the insurance company.
Petitioner’s Allegations on Cybersecurity Lapse
The petitioner, Pathak, urged the court to direct the Ministry of Home Affairs to act on his representation concerning the security vulnerabilities at Star Health. Pathak alleged that Star Health’s cyber security had serious weaknesses, which led to a malicious cyberattack resulting in unauthorized access to sensitive data.
Admission of Cyberattack by Star Health Insurance
On October 9, 2024, Star Health Insurance acknowledged being a victim of a cyberattack. According to Senior Advocate Srinath Sridevan, representing Pathak, officials from the insurance company allegedly sold this sensitive data, including medical records and PAN details, to a Chinese hacker.
Company’s Response and Civil Suit
In response, the counsel for Star Health Insurance informed the court that the company had filed a civil suit and obtained an injunction in its favor. Additionally, the Central Government argued that only the Insurance Regulatory and Development Authority of India (IRDAI) had the authority to investigate the data breach, not the central government.
Further Hearing
Justice Dhandapani adjourned the case, stating that he would rule on the issue of the Central Government’s jurisdiction on Thursday.
Case Title: Himanshu Pathak v. Ministry of Electronics and Information and others
Case Number: WMP/31369/2024 and WP 12049/2023