PhilHealth says 72 workstations affected by Medusa ransomware

A total of 72 workstations of the Philippine Health Insurance Corp. (PhilHealth) have been affected by the Medusa ransomware that prompted the shutdown of the agency’s system, an official said Tuesday.

According to PhilHealth senior vice president Dr. Israel Francis Pargas, the findings were from an initial investigation, with a number of government agencies now looking further to address the matter.

“According to our initial investigation, there were around 72 workstations that were affected and ‘yun pong ating mga system na naapektuhan (the systems affected) is, of course, our website, our e-claims system, our member portal, and our collection system,” he said at a public briefing.

PhilHealth got wind of the Medusa ransomware attack on Friday, September 22, and was reported to have been threatened to pay $300,000 in exchange for the stolen data from the agency’s database.

“Ang nangyari po nito is they are getting the data at ito po’y ine-encrypt nila at pagkatapos po noon sila ay hihingi ng ransom demand para po ma-decrypt ‘yung data at magamit muli,” Pargas said.

(What happened here is they got the data and encrypted it, and then they asked for a ransom demand for the data to be decrypted and usable again.)

PhilHealth said it is now working to restore its system, which it targets to complete within the day. It earlier said it aimed to reinstate its portal by Monday, September 25, 2023.

“According to our initial investigation ay wala naman pong (there is no) leak with regard to personal information and walang na-compromise na medical information ng ating mga miyembro sa ating unang pagsisyasat at pag-iimbestiga, (of our members based on the initial studies)” Pargas said.

PhilHealth is now in coordination with the Department of Information and Communications Technology (DICT), the National Privacy Commission (NPC), and the cybercrime units of the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) to conduct forensic investigation and assessment on the matter.

PhilHealth is mandated to administer the National Health Insurance Program which aims to provide health insurance coverage and ensure affordable, acceptable, available, and accessible healthcare services for all citizens of the Philippines.

The agency has maintained that it will not pay the ransom, in line with the government’s protocol.

The DICT on Sunday also advised government agencies to review policies regarding employees bringing their own devices to offices, and the access management policies on work-from-home arrangements due to the Medusa ransomware. — RSJ, GMA Integrated News