Hackers behind PhilHealth attack still unidentified

Computer hackers who attacked the website and the online system of the Philippine Health Insurance Corp., or PhilHealth, have yet to be identified, the state-run health insurer's spokesperson revealed Sunday.

In an interview with DAILY TRIBUNE, Dr. Israel Francis Paragas, PhilHealth Senior Vice President for Health Finance Policy Sector, said they are still "diagnosing what really caused the information security incident."

"We cannot confirm yet if it is Medusa or ransomware, but for the time being, there is an information security incident," Paragas said. "What we know right now is that there was really a recent incident that happened."

The Department of Information and Communications Technology previously stated that PhilHealth's system was attacked by Medusa ransomware.

As defined by Trend Micro, a multinational cybersecurity software company, ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files until a ransom is paid.

In the state-run health insurer's case, the Medusa ransomware group was said to be demanding $300,000 in exchange for access to its system.

The group threatened to leak the personal information of PhilHealth members if the insurer did not pay the ransom.

Based on the agency's initial assessment, the ransomware has affected at least 72 workstations, mainly from its head office and other offices in the National Capital Region.

"None of those were affected in the regional offices," Paragas said.

PhilHealth, the DICT, the National Privacy Commission, and the National Bureau of Investigation cybercrime units are working together to probe the matter.

Paragas also allayed the fears of PhilHealth members about their personal information, stressing that "no data was compromised."

"Although we are still looking into it, as of now, we can say that no personal information was leaked," he said. "Of course, because of what happened, the system is very vulnerable, and so we are putting a lot of controls right now with the help of DICT and through the forensics of the NBI," he added.

As part of the containment measures in response to the cyberattack, the state insurance company shut down its website and online services on Saturday.

"We saw that it affected our website, membership [portals], and e-claims, so we deem it necessary to shut down all the system's operations because we want to diagnose the extent of the effects of this attack," Paragas said.

To minimize the effect of the cyberattack, PhilHealth temporarily shifted to manual operations, with experts working to restore its online system by today.
