The Insurance Regulatory and Development Authority of India (Irdai) has mandated two insurance companies to conduct comprehensive audits of their IT systems in response to concerning reports of data leaks affecting policyholders. Although the specific insurers involved have not been disclosed, Irdai has underscored its commitment to addressing potential vulnerabilities in their systems.
Irdai recognizes the seriousness of data breaches and has reiterated its engagement with the affected companies to ensure the protection of policyholder interests. Recently, Star Health Insurance confirmed a data breach, while the identity of the second insurer remains unknown.
In an official statement, Irdai highlighted its close monitoring of the situation and active communication with the management teams of the insurers to mitigate risks and enhance data security measures. The regulatory body aims to uphold the integrity of the insurance sector and safeguard consumer data amid increasing concerns over privacy and security within the industry.
To address these breaches, Irdai has instructed the affected insurers to appoint independent auditors to conduct thorough audits of their IT systems. These audits are intended to identify and eliminate any vulnerabilities, ensuring that the IT infrastructure can effectively manage the scale and complexities of their operations. The insurers have adhered to standard operating procedures by reporting the cyber incidents to both the government and Irdai.
In response to the breaches, the insurers have taken proactive measures, including isolating the impacted IT systems and engaging an external IT security firm for a root cause analysis. The audits have identified specific vulnerabilities and methods used by cyber attackers, prompting immediate action. The insurers are now implementing a Containment, Eradication, and Recoverability plan as suggested by the audit findings.
Preventive measures outlined in the audit reports are also being put into action to secure policyholders' data. The insurers are prioritizing system upgrades and addressing issues related to application programming interface (API) vulnerabilities. They are conducting gap assessments, vulnerability assessments, and penetration testing to rectify potential threats.
Furthermore, the insurers have filed criminal complaints with law enforcement against the cyber attackers and have issued legal notices to social media platforms to prevent the sale of policyholders' data. Irdai has also advised all insurers to evaluate their IT systems for vulnerabilities and take necessary steps to protect policyholder information.
Irdai emphasizes the importance of data security and views data breaches and cyber-attacks on insurance companies' IT systems with utmost seriousness. Existing cybersecurity guidelines for insurance companies require the establishment of robust IT and cybersecurity frameworks to ensure secure operations within the sector.