13M-20M Filipinos affected by PhilHealth data breach

The number of Filipinos whose personal data were compromised in the ransomware attack on the Philippine Health Insurance Corporation is ranging from 13 million to 20 million, an official disclosed Wednesday.

In a press briefing, PhilHealth Data Privacy Officer Nerissa Santiago said the number is not yet final as the state-run health insurer has yet to finish analyzing the data it obtained from the Department of Information and Communication Technology.

"For the members, if we are looking at the individual workstation, we are expecting about 13-20 million names, but we cannot say the exact number but initially that is what we are looking at," Santiago said.

PhilHealth said the number of affected individuals includes 600 to 800 of their employees.

To recall, the state-run health insurer announced on 22 September the temporary shutdown of its website, as well as its membership portal to contain an "information security incident."

In the following days, the Medusa ransomware group demanded $300,000 or around P17,000,000 from the agency in exchange for access to its system.

The hackers behind the cyberattack proceeded with their plan to release the personal data they illegally obtained from PhilHealth.

The leaked data includes details on employees' identification cards, memorandums, directives, and hospital bills.