Full Report
Insurtech firm Medi Assist Healthcare Services Ltd has disclosed that Paramount Health Services & Insurance TPA Private Ltd, a material step-down wholly owned subsidiary, experienced a cyber security incident affecting some of its systems and services. The company said the incident was limited to Paramount TPA’s infrastructure and did not impact Medi Assist or its other subsidiaries. "This incident was restricted to Paramount TPA’s systems and services. The company and its other subsidiaries remain unaffected by the aforementioned incident," according to a stock exchange filing.
Analysis Summary
# Incident Report: Paramount TPA Cybersecurity Incident
## Executive Summary
Paramount Health Services & Insurance TPA Private Ltd (a subsidiary of Medi Assist Healthcare Services Ltd) experienced a cybersecurity incident that affected some of its systems and services. The incident was contained to Paramount TPA's infrastructure, with no impact reported on the parent company or other subsidiaries. Affected systems have since been restored, and normal business operations have resumed.
## Incident Details
- **Discovery Date:** November 19, 2025 (Based on disclosure date)
- **Incident Date:** Undisclosed (The article only reports the disclosure/restoration)
- **Affected Organization:** Paramount Health Services & Insurance TPA Private Ltd (Material step-down wholly owned subsidiary of Medi Assist Healthcare Services Ltd)
- **Sector:** Financial Services/Insurtech (Third-Party Administrator - TPA)
- **Geography:** India (Implied, based on company and filing location)
## Timeline of Events
### Initial Access
- **Date/Time:** Undisclosed
- **Vector:** Undisclosed (Malicious activity leading to system compromise)
- **Details:** Attackers compromised "some of its systems and services."
### Lateral Movement
- **Date/Time:** Undisclosed
- **Details:** Not specified in the provided summary. The compromise appears localized to Paramount TPA's infrastructure.
### Data Exfiltration/Impact
- **Date/Time:** Undisclosed
- **Details:** The incident affected "some of its systems and services." The nature or scope of data compromise is not detailed.
### Detection & Response
- **Date/Time:** Immediately following detection (details not specified)
- **Details:** Paramount TPA’s technical team, in collaboration with specialized external experts, initiated required mitigation actions and protocols. Relevant authorities were notified. Systems were restored, and operations resumed.
## Attack Methodology
*Note: Based on the limited information provided, the technical specifics of the attack vectors are unknown.*
- **Initial Access:** Unknown
- **Persistence:** Unknown
- **Privilege Escalation:** Unknown
- **Defense Evasion:** Unknown
- **Credential Access:** Unknown
- **Discovery:** Unknown
- **Lateral Movement:** Minimal or contained to Paramount TPA infrastructure.
- **Collection:** Unknown
- **Exfiltration:** Unknown
- **Impact:** Disruption to specific systems and services.
## Impact Assessment
- **Financial:** Not disclosed.
- **Data Breach:** Type and volume of data compromised are unknown.
- **Operational:** Temporary disruption to "some systems and services," but it has been confirmed that **all affected systems and infrastructure have been restored, and business operations have resumed as usual.**
- **Reputational:** Public disclosure via stock exchange filing prompted media coverage.
## Indicators of Compromise
*No specific Indicators of Compromise (IOCs) such as file hashes, IP addresses, or domain names were provided in the source material.*
- **Network indicators:** None disclosed.
- **File indicators:** None disclosed.
- **Behavioral indicators:** None disclosed.
## Response Actions
- **Containment measures:** The internal technical team and external security experts initiated the required actions and protocols.
- **Eradication steps:** Not specified, but implied as part of the technical mitigation process.
- **Recovery actions:** All affected systems and infrastructure were restored, leading to the resumption of normal business operations.
## Lessons Learned
- The incident highlights the necessity of maintaining strong, independent security postures across all subsidiaries, even if the parent company is unaffected.
- The speed of engaging specialized external experts was critical in restoring services.
## Recommendations
- Conduct a comprehensive forensic investigation into Paramount TPA’s infrastructure to fully understand the initial access point and scope of the compromise, even after restoration.
- Review and enhance segmentation strategies between Paramount TPA and other Medi Assist subsidiaries to ensure the containment observed during this incident remains effective against future threats.
- Mandate regular security audits and penetration testing for all material subsidiaries.