PhilHealth says member data is 'still intact, not infected' after cyberattack
After a cyberattack had compromised data stored in its servers and local workstations, the Philippine Health Insurance Corp. (PhilHealth) noted that servers containing its members’ private information are still secure.
The government-owned corporation encountered a Medusa ransomware attack on its website, where the hackers demanded $300,000 (P17 million) for the return of the data they encrypted.
The Medusa ransomware encrypts or deletes data backups so they cannot be recovered and mainly targets the healthcare and educational sectors, according to Sangfor Technologies.
In a statement released on Oct. 2, PhilHealth assured that the primary database is still "intact and not infected" following the cyberattack that took place on Sept. 22.
While the number of data subjects that were targeted by the ransomware is still undetermined, PhilHealth believed that the types of data that were compromised include the member's name, address, date of birth, sex, phone number, and PhilHealth identification number.
"The incident was immediately reported to the Department of Information and Communications Technology, the National Privacy Commission in order to expediently resolve the matter, and to law enforcement agencies such as the Philippine National Police Cybercrime Division, Cybercrime Investigation and Coordinating Center, and the National Bureau of Investigation in order to identify and capture the perpetrators," the statement read.
According to PhilHealth, the cyberattack was mitigated after their IT personnel immediately disconnected the network. All employees in the head and regional offices were then ordered to take security measures to further prevent similar attacks.
"As we take premium in safeguarding your personal information and upholding your privacy, we have worked diligently to investigate and resolve the matter to protect your data," PhilHealth stated.
The corporation said that they are now notifying the affected individuals directly. Those who have not received a message may have been spared from the cyberattack.
PhilHealth, however, still advised its members to take the following steps as a precaution:
- Monitor your credit reports for any unauthorized activity
- Place a fraud alert on your credit reports
- Change your passwords for all online accounts, especially financial accounts
- Be wary of phishing emails and smishing texts
"We sincerely apologize for any inconvenience this incident caused. We are committed to protecting your data by continuously working to enhance our security measures," PhilHealth said.