Extent of PhilHealth data breach still a mystery – exec

The Philippine Health Insurance Corporation admitted on Thursday that the exact number of members whose personal data was compromised is still unknown, three weeks after it announced the ransomware attack.

"We still have no estimation of how many members' data was compromised," PhilHealth Corporate Affairs Group Acting Vice President Rey Baleña told reporters in a chance interview.

Baleña said the state-run health insurer is still awaiting the report of the Department of Information and Communications Technology, which previously said that stolen data uploaded on the dark web by the hackers amounted to about 734 gigabytes uncompressed.

"We are still waiting for the file which will be coming from the DICT," he said. "Remember, we have to look into the files and see whether there are duplications. Until such time, we will know the exact number of members affected which will serve as our basis to contact them."

PhilHealth previously said that data illegally obtained by the hackers would no longer be able to be retrieved.

Over the weekend, the agency called on the public to take precautionary measures such as changing their online accounts' passwords following the publication of its employees' personal data on the dark web.

"Using the stolen data, the hackers will likely target members through calls, emails, or text messages," PhilHealth President and Chief Executive Officer Emmanuel Ledesma Jr. said in a statement.

"Let us then heed the advice of authorities to refrain from clicking doubtful links or providing passwords or OTPs. It is best to ignore suspicious calls, and to delete text or emails instead from unknown and suspicious senders," he added.

PhilHealth announced on 22 September the temporary shutdown of its website, as well as its membership portal to contain an "information security incident."

In the following days, the Medusa ransomware group demanded $300,000 or around P17,000,000 from the agency in exchange for access to its system.

Last week, the DICT confirmed that the hackers behind the ransomware attack had started publishing PhilHealth employees' data on the dark web, the day after its self-imposed deadline on the government expired.

The leaked data includes details on employees' identification cards, memorandums, directives, and hospital bills.