Computer hackers who attacked the website and the online system of the Philippine Health Insurance Corp. or PhilHealth are yet to be identified, the state-run health insurer's spokesperson revealed Sunday.
In an interview with Daily Tribune, Dr. Israel Francis Paragas, PhilHealth spokesperson and Senior Vice President for Health Finance Policy Sector, confirmed that there was an information security incident that affected its system, however, he noted that the group behind it is still unknown.
"Basically, we are still diagnosing what really caused the information security incident. So, we cannot confirm yet if it is Medusa or ransomware but for the time being, there is an information security incident," Paragas said.
"What we know right now is that there was really a recent incident that happened. There was an attack on our system and on our database," he added.
The Department of Information and Communications Technology previously confirmed that the agency's system was attacked by Medusa ransomware.
As defined by Trend Micro, a multinational cyber security software company, ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid.
In the state-run health insurer's case, the Medusa ransomware group is demanding a total of $300,000 in exchange for access to its system.
The group threatened to leak the personal information of PhilHealth members if it did not pay the ransom.
No leaked data
Based on the agency's initial assessment, the ransomware has affected at least 72 workstations, mainly from its head office and other offices in the National Capital Region.
"None of those were affected in the regional offices," Paragas said.
PhilHealth, along with the DICT, the National Privacy Commission, and the cybercrime units of the National Bureau of Investigation are working together to investigate the matter.
Paragas also allayed the fears of PhilHealth members about their personal information, stressing that "no data was compromised."
"Although we are still looking into it, as of now, we can say that no personal information was leaked," he said.
"Of course, because of what happened, the system is very vulnerable and so we are putting a lot of controls right now with the help of DICT and through the forensics of the NBI," he added.
Affected services
As part of the containment measures in response to a cyber-attack, the state insurance company shut down its website, and online services on Saturday.
"We saw that it affected our website, membership [portals], and e-claims so we deem it necessary to shut down all the systems operations because we want to diagnose the extent of the effects of this attack," Paragas said.
To minimize the effect of the cyber-attack, PhilHealth temporarily shifted to manual operations.
According to Paragas, PhilHealth along with concerned government agencies is working to restore its online system by Monday, 25 September.
