Data not compromised on PhilHealth cyberattack

The Philippine Health Insurance Corporation or PhilHealth on Wednesday maintained its claim that its members' data was not compromised by the recent cyberattack on its system.

In an interview with the DAILY TRIBUNE, PhilHealth spokesperson and senior vice president for Health Finance Policy Israel Pargas reiterated that their database remained "intact."

He, however, admitted that hackers behind the cyberattack accessed the data that were stored in the servers affected by the hacking.

"We cannot verify that. It can be a possibility because again, checking our database, it is still intact. If we check the database, it appears that no data was compromised or leaked," he said.

"However, since our employees are also working with regard to our members and all, it could be true that there may be data stolen by these hackers. It is uncertain whether any data was stolen or not," he added.

On Tuesday night, the Department of Information and Communications Technology confirmed that the hackers have already started publishing PhilHealth employees' data on the dark web.

DICT Undersecretary Jeffrey Dy said the stolen data includes details on employees' identification cards, memorandum, directives and hospital bills.

The development came a day after the self-imposed deadline of the hackers on the government to pay a $300,000 ransom for the data expired.

Dy said the information posted on the dark web could just be a "teaser" of what the hackers have stolen from the state-run health insurer's system.

At the same time, in an advisory, PhilHealth confirmed that some members' personal information including names, addresses, dates of birth, sex, phone numbers, and PhilHealth identification numbers were compromised.

The corporation said it is "working to notify all affected individuals directly."

The state-run health insurer also urged its members to take precautionary measures in light of the cyberattack on its system.

"Monitor your credit reports for any unauthorized activity," it said.

Members were also encouraged to place a fraud alert on their credit reports and change their passwords for their online accounts, especially their financial accounts.

Members were also advised to be wary of phishing emails and smishing text messages.

No numbers
Asked how many members were affected by the incident, Pargas said PhilHealth has yet to know the quantity of the data stolen by the hackers.

"There might have been data that were compromised but we don't have any numbers yet," he said.

In case PhilHealth members receive suspicious calls about their data, they may report it through phic.actioncenter2023@gmail.com or phic.dpo@gmail.com, he said.

Online
Meanwhile, the state-run health insurer said its website, member portal, e-claims, HCI portal, Electronic Premium Remittance System, and electronic PhilHealth Acknowledgment Receipt can now be accessed by the public and their partners.

On 22 September, PhilHealth temporarily shut down its website and membership portal due to an "information security incident."