PhilHealth hit by Medusa ransomware, aims for site restoration by Monday

The Philippine Health Insurance Corp. (PhilHealth) over the weekend said it is working to restore its systems by Monday, September 25, 2023, after being hit by the Medusa ransomware, with the hackers demanding a $300,000 ransom for the stolen data.

The agency’s system—including its website, Health Care Institution (HCI) and member portal, and e-claims—were disabled or unplugged as part of security containment measures.

“Affected systems shall be restored at the soonest possible time after the completion of the needed configuration and reinforcement of existing information security measures,” PhilHealth said in a post uploaded on its official Facebook page.

“PhilHealth’s Management assures the public that the incident is under control and that no personnel information and medical information has been compromised or leaked,” the statement added.

This comes as PhilHealth’s systems were targeted by the Medusa ransomware, which is threatening to release the data stolen from its database should the agency fail to pay them $300,000 or P17.038 million based on the prevailing exchange rate of P56.795:$1.

In the meantime, PhilHealth has called for the implementation of interim measures such as the continuous release of benefits of the National Health Insurance Program (NHIP) to members and their qualified dependents.

PhilHealth is mandated to administer the National Health Insurance Program which aims to provide health insurance coverage and ensure affordable, acceptable, available, and accessible healthcare services for all citizens of the Philippines.

It has also advised accredited healthcare facilities to continue deducting PhilHealth benefits and devise temporary arrangements with patients who are for discharge, for them to avail of the benefits.

“Meanwhile, PhilHealth continues its operations and processes transactions that can be done manually while configurations are ongoing,” PhilHealth said.

“PhilHealth asks for the public’s understanding regarding this untoward incident,” it added.

PhilHealth said it has already coordinated with the Department of Information and Communications Technology (DICT), the National Privacy Commission (NPC), and the cybercrime units of the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) to conduct forensic investigation and assessment on the matter.

The DICT on Sunday also advised government agencies to review policies regarding employees bringing their own devices to offices, and the access management policies on work-from-home arrangements due to the Medusa ransomware.

In 2019, then-President Rodrigo Duterte in 2019 signed the Universal Health Care Act, making all Filipino citizens automatically enrolled into the National Health Insurance Program. — Jon Viktor D. Cabuenas/BM, GMA Integrated News