Excerpt from Cafemutual Article, Published on July 28, 2025
Star Health, one of India’s leading health insurers, faces a hefty penalty after the Insurance Regulatory and Development Authority of India (IRDAI) fined the company ₹3.39 crore for multiple violations of Information & Cyber Security Guidelines, 2023. The IRDAI’s enforcement action highlights the growing regulatory focus on cybersecurity within India’s financial sector and emphasizes the need for stringent data protection measures across large organizations.
Star Health operates through 913 offices, partners with over 14,000 network hospitals, and maintains a vast network of more than 775,000 licensed agents. With a workforce of about 17,000 employees, it reported a gross written premium of ₹17,553 crore and a net worth of ₹8,668 crore for the fiscal year 2024-25. This scale of operations means that cyber threats have significant implications for customer trust and industry compliance.
According to IRDAI’s order, the penalty was applied following detailed findings that Star Health failed to adhere to established norms for information and cybersecurity. Beyond financial repercussions, the IRDAI issued a formal warning to Star Health, underscoring the severity of the lapses and sending a clear message to other market participants about the consequences of non-compliance.
This action from India’s insurance regulator comes amid broader industry scrutiny; several other insurers are also under review for potential portfolio and regulatory lapses. The robust response indicates that regulators will not hesitate to use punitive powers to ensure the safety and security of consumer data, especially within the insurance sector where sensitive health and financial information is often at risk.
To delve deeper into this topic, read the Cafemutual Article.
