The regulator is also in touch with its management to address the vulnerabilities.
Without naming the insurers, the Insurance Regulatory and Development Authority of India (IRDAI) said it takes data breaches very seriously and stated that it will continue to collaborate with companies to ensure that policyholders’ interests are fully protected.
Star Health Insurance had recently admitted to a data breach. The name of the second insurer could not immediately be determined.
“There have recently been reports of data breaches from two insurers,” the regulator said.
In a statement, Irdai said he is closely monitoring the situation in the case of the insurers involved and has been in touch with their management.
Regular updates are being obtained to ensure that data and interests of policyholders are fully protected and the company is taking all measures to stop the threat posed by this breach, the regulator said.
Irdai said he will continue to collaborate with insurance companies to ensure that the interests of policyholders are fully protected.
“Concerned insurers have been instructed to appoint an independent auditor to carry out a comprehensive audit of the company’s IT landscape with the objective that there are no vulnerabilities and that the IT system is adequate to meet the scale and complexities of its operations,” the statement said. .
As part of the standard operating procedures of the affected insurers, they reported the cyber incident to the government and Irdai, he added.
It also said that the insurers in question have protected the affected IT system by isolating it and, at the same time, have appointed an external IT security company to conduct a root cause analysis.
“The audit firm reported vulnerabilities in the company’s IT system and the methodology used by the threat actor to exploit them, on which the insurers acted. The insurers are implementing the Containment, Eradication and Recoverability plan suggested by the audit firm,” Irdai said.
Other preventative measures outlined in the report are being implemented to keep policyholder data safe and secure. Insurers will act on system upgrades in immediate, short and medium periods, Irdai said.
Additionally, application programming interface (API) vulnerabilities, gap assessment, vulnerability assessment, and penetration testing issues are at an advanced stage of rectification.
“The insurers filed a criminal complaint with law enforcement against the threat actors. A legal notice was sent on the social media platform to prevent the threat actor from selling the data of policyholders,” the regulator said.
Additionally, Irdai has issued an advisory to all insurers to check their IT systems for vulnerabilities and take necessary measures to protect policyholder data.
The regulator said it considers data security very important and takes data breaches, cyber attacks on insurance companies’ computer systems, etc. very seriously.
There are cybersecurity guidelines for insurance companies, which require insurers to establish robust IT and cybersecurity frameworks to carry out their operations, he added.
Disclaimer:
The information contained in this post is for general information purposes only. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the post for any purpose.
We respect the intellectual property rights of content creators. If you are the owner of any material featured on our website and have concerns about its use, please contact us. We are committed to addressing any copyright issues promptly and will remove any material within 2 days of receiving a request from the rightful owner.