Following the recent data breach incidents at Star Health and Allied Insurance, the Insurance Regulatory and Development Authority of India has directed all insurance companies to conduct audits of their IT systems. The Irdai said it’s in touch with the management of these two insurers to address the vulnerabilities.
Although it didn’t mention the names of the insurers, the insurance regulator said it takes data breaches very seriously and asserted that it will continue to engage with the companies to ensure that the policyholders' interests are fully protected.
Both Star Health and Allied Insurance had recently admitted to a data breach and disclosed the same to stock exchanges, the government and Irdai, as part of their standard operating procedures. Tata AIG General Insurance is also said to be impacted by this menace, as per some reports.
Asserting that it’s closely monitoring the situation, the Irdai said regular updates are being obtained to ensure that the policyholders' data and interests are fully protected and the company is taking all steps to arrest the threat posed by this breach.
The regulator said it will continue to engage with the insurance companies to ensure that the policyholders' interests are fully protected. "The concerned insurers have been instructed to appoint an independent auditor to undertake a comprehensive audit of the company's IT landscape with the aim that there are no vulnerabilities and the IT system is adequate to meet the scale and complexities of their operations," it said.
The insurance watchdog also said that concerned insurers have ring-fenced the impacted IT system by isolating it and at the same time, appointed an external IT security company to undertake root cause analysis. "The audit firm reported vulnerabilities in the company's IT system and the methodology used by the threat actor to exploit the same, which were acted upon by insurers. The Containment, Eradication and Recoverability plan as suggested by the audit firm is being implemented by the insurers," it said.
As per the Irdai, further preventive steps outlined in the report are in the process of implementation to keep the policyholders' data safe and secure. System upgrades over immediate, short and medium periods will be acted upon by the insurers.
Besides, the application programming interface (API) vulnerabilities, gap assessment, vulnerability assessment and penetration testing issues are at an advanced stage of rectification. "The insurers have filed a criminal complaint with the law enforcement agencies against the threat actors. It served legal notice on the social media platform to prevent the threat actor from selling the policyholders' data," Irdai said.