
Police have launched a manhunt and formed a special task force to investigate the fatal shooting of a prominent…

The so-called “Oplan Romanov,” or the alleged covert operation purportedly aimed at eliminating Vice President Sara…

TACLOBAN CITY — Just a week after classes resumed following a fatal mass shooting on campus, officials at San Jose…

The Philippine Charity Sweepstakes Office (PCSO) has signed up another corporation to expand public access to the…

Water reserves at Pantabangan Dam are rising steadily following heavy rains brought by the southwest monsoon and…
Read next

What's your take?
Google Preferred Sources
Get more Daily Tribune stories in your search results
Add Daily Tribune as a preferred source on Google Search.
Continue reading
Computer hackers who attacked the website and the online system of the Philippine Health Insurance Corp. or PhilHealth are yet to be identified, the state-run health insurer's spokesperson revealed Sunday.
In an interview with Daily Tribune, Dr. Israel Francis Paragas, PhilHealth spokesperson and Senior Vice President for Health Finance Policy Sector, confirmed that there was an information security incident that affected its system, however, he noted that the group behind it is still unknown.
"Basically, we are still diagnosing what really caused the information security incident. So, we cannot confirm yet if it is Medusa or ransomware but for the time being, there is an information security incident," Paragas said.
"What we know right now is that there was really a recent incident that happened. There was an attack on our system and on our database," he added.
The Department of Information and Communications Technology previously confirmed that the agency's system was attacked by Medusa ransomware.
As defined by Trend Micro, a multinational cyber security software company, ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid.
In the state-run health insurer's case, the Medusa ransomware group is demanding a total of $300,000 in exchange for access to its system.
The group threatened to leak the personal information of PhilHealth members if it did not pay the ransom.
No leaked data
Based on the agency's initial assessment, the ransomware has affected at least 72 workstations, mainly from its head office and other offices in the National Capital Region.
"None of those were affected in the regional offices," Paragas said.
PhilHealth, along with the DICT, the National Privacy Commission, and the cybercrime units of the National Bureau of Investigation are working together to investigate the matter.
Paragas also allayed the fears of PhilHealth members about their personal information, stressing that "no data was compromised."
"Although we are still looking into it, as of now, we can say that no personal information was leaked," he said.
"Of course, because of what happened, the system is very vulnerable and so we are putting a lot of controls right now with the help of DICT and through the forensics of the NBI," he added.
Affected services
As part of the containment measures in response to a cyber-attack, the state insurance company shut down its website, and online services on Saturday.
"We saw that it affected our website, membership [portals], and e-claims so we deem it necessary to shut down all the systems operations because we want to diagnose the extent of the effects of this attack," Paragas said.
To minimize the effect of the cyber-attack, PhilHealth temporarily shifted to manual operations.
According to Paragas, PhilHealth along with concerned government agencies is working to restore its online system by Monday, 25 September.