PhilHealth says portal, website now accessible after ransomware attack

The Philippine Health Insurance Corp. (PhilHealth) on Friday announced that its corporate website and member portal are now accessible to the public after it was shut down following a ransomware attack last week.

In an advisory, PhilHealth said its application systems have been restored at 12 noon of September 29, 2023.

Meanwhile, the state health insurer’s e-claims system will be available within the day, it said.

“The shutting down of its application systems was done immediately upon the advice of the Department of Information and Communication Technology (DICT) to   isolate these key services and to ensure that the ransomware infection will not spread to critical computers,” PhilHealth said.

“PhilHealth has been working round the clock since Friday to clean up the affected workstations and restore normalcy the soonest,” it added.

Last Friday, September 22, PhilHealth’s systems were hit by a ransomware attack, with hackers reportedly threatening to release the data stolen from its database should the agency fail to pay them $300,000 or P17.038 million based on the prevailing exchange rate of P56.795:$1.

PhilHealth had said that it would not pay the ransom that cyber hackers demanded in exchange for the stolen data from their website.

PhilHealth earlier said a total of 72 workstations have been compromised by the Medusa ransomware attack, which prompted a shutdown of its system.

The state health insurer said it has yet to verify the alleged leaked members’ data that was reportedly found in the dark web.

“On the alleged demand for ransom, we reiterate the government’s policy of not paying one to criminals. PhilHealth also guarantees the public that its databases are intact, safe and secure,” it said.

“Members are also assured that their benefit entitlement will not be hampered due to this incident. Interim arrangements while systems are offline have been instituted to ensure that members continually avail of their PhilHealth benefits anytime and anywhere in the country,” it added.

The agency said it continues to work closely with DICT and National Privacy Commission (NPC) to address the situation.

It added that it also coordinated with the National Bureau of Investigation (NBI) and Philippine National Police (PNP).

“PhilHealth also welcomes calls for inquiry to get to the bottom of this incident. PhilHealth shall rightfully impose disciplinary actions to people who have been remiss in the performance of their duties if they are found liable,” it said.

“PhilHealth sincerely asks for the public’s understanding and support during this time and implores certain groups and   sectors to refrain from concocting false and misleading information to avoid creating panic and distrust among our members and stakeholders,” PhilHealth added.

The state health insurer said it takes the incident seriously and is “seizing the opportunity that this incident brings to further strengthen its information security infrastructure in order to prevent this from happening again.” —KBK, GMA Integrated News