GMA Brandtalk
Tracking
Archives
DICT: Restoration of ransomware-hit PhilHealth system underway
The Department of Information and Communications Technology (DICT) said Thursday efforts to restore the system of the Philippine Health Insurance Corp. (PhilHealth), which was hit by a ransomware attack, are ongoing.
In a statement, the DICT said its Cybersecurity Bureau proactively responded to address the ransomware on PhilHealth last Friday, September 22.
“Efforts to restore the functionality of PhilHealth’s DNS (Domain Name System) server are underway,” the DICT said.
“We shall continue to investigate and monitor the acquired logs from PhilHealth's affected systems,” it added.
PhilHealth earlier said a total of 72 workstations have been compromised by the Medusa ransomware attack, which prompted a shutdown of the state health insurer’s system.
Hackers were reportedly threatening to release the data stolen from its database should the agency fail to pay them $300,000 or P17.038 million based on the prevailing exchange rate of P56.795:$1.
The state health insurer had said that it would not pay the $300,000 or approximately P17 million ransom that cyber hackers demanded in exchange for the stolen data from their website.
“Definitely po, hindi tayo magbabayad ng ransom,” PhilHealth Finance Policy Sector spokesperson and Senior Vice President Israel Francis Pargas said on Jun Veneracion’s “24 Oras” report on Monday.
(We won’t pay the ransom.)
The DICT, meanwhile, said it prepared an “extensive checklist” to benchmark PhilHealth’s readiness to get their systems online.
“The DICT is committed to ensuring the full restoration of security and stability in PhilHealth systems and to safeguarding government systems and infrastructure from malicious cyber threats,” it said.
The ICT Department said its Cybersecurity Bureau’s National Computer Emergency Response Team (NCERT) went to PhilHealth Head Office and implemented critical security measures which included the disconnection of workstations from the network, prompt coordination with the state insurer to gauge the extent of the attack, and collection of relevant logs for thorough analysis.
“As of September 25, 2023, PhilHealth's critical web services are only accessible via their IP addresses and currently ongoing comprehensive security scanning,” the DICT said.
“The DICT condemns the ransomware attack carried out against PhilHealth in an attempt to illegally access the information of its members,” it said. — RSJ, GMA Integrated News
