PhilHealth won't pay 'ransom' after cyber attack

State health insurer Philippine Health Insurance Corporation (PhilHealth) on Monday said it would not pay the $300,000 or approximately P17 million ransom that cyber hackers demanded in exchange for the stolen data from their website.

“Definitely po, hindi tayo magbabayad ng ransom,” PhilHealth Finance Policy Sector spokesperson and Senior Vice President Israel Francis Pargas said on Jun Veneracion’s “24 Oras” report.

(We won’t pay the ransom.)

PhilHealth over the weekend announced it is working to restore its systems by Monday, September 25, after being hit by Medusa ransomware.

Ransomware is a type of malicious software that can block access to a computer system and can only be removed by paying a ransom.

PhilHealth has since shut down its online systems to assess the impact of the cyberattack and opted for manual processing of the member benefits.

“Hopefully within the day or early tomorrow morning eh meron na po tayong ma-i-up na system para maibalik na po natin ang ating normal operation,” said Pargas.

(Hopefully, we’ll have another system to return our operations to normal within the day or early tomorrow morning.)

For its part, the Department of Information and Communications Technology (DICT) said the cyber hackers uploaded some information and documents from PhilHealth to the dark web.

The hackers also posted a countdown, showing the state insurer has only eight days to pay the ransom or they will release the data stolen from its database.

“Parang may proof of life o proof of data kami kasi hindi mo naman makuha itong mga data and memos na ito kung saan kasi internal documents,” said DICT cybersecurity expert John Patrick Lita, warning the leak of the sensitive information may lead to the proliferation of illegal activities such as fraudulent claims.

(It served as proof of life or data. Because you cannot source that information anywhere.)

The DICT clarified the national health insurance database was not compromised.

“Ang nakuha ang personal info ng mga empleyado. Mga internal memo, internal files, work files,” the cybersecurity expert added.

(They got the employees’ information. The internal memos, files, work files.)

Lita said the group made serious threats, adding the incident showed government agencies should invest and strengthen their cybersecurity.—Sundy Locus/LDF, GMA Integrated News