PhilHealth: Members' info safe after ransomware attack

State-run Philippine Health Insurance Corporation (PhilHealth) on Tuesday reiterated the recent ransomware attack against its servers did not compromise the database of members. 

In a statement, PhilHealth clarified an earlier advisory it issued, saying the members’ information, claims, contributions, and accreditation are stored in a separate database and are “intact and completely unaffected” by the cyberattack.

“Only the application servers and employees’ workstations have been affected by the said cyberattack. Hence, files stored locally in the hard drive of the infected workstations may have been compromised,” the state insurer said.

“An inventory is being conducted in order to determine the extent of information which may have been exfiltrated from these workstations,” it added.

A Medusa ransomware hit PhilHealth on September 22, prompting the temporary shutdown of its online systems.

Hackers reportedly threatened to release the data stolen from its database should the agency fail to pay them $300,000 or approximately P17 million ransom.

But PhilHealth stressed that it would not pay for such an amount.

A week later, on September 29, PhilHealth announced that its corporate website, member portal, and e-claims were already accessible to the public after the shut down.

On Monday, PhilHealth executive vice president and COO Eli Santos said that what was only compromised by the Medusa ransomware attack was the workstations of their employees based in Pasig City.

“We have databases, we have servers and our general PhilHealth membership data were not affected. That's for sure, it was not affected,” he said.

The agency said the urgent notices it issued were in compliance to the requirement of the National Privacy Commission.

It also said it is reaching out employees and individuals that may have been affected by the cyberattack and is currently coordinating with various government agencies in the investigation.

“We continue to appeal to our members to remain vigilant and to refrain from opening, sharing, liking or reposting malicious posts as it only magnifies the damage caused by the perpetrators,” said PhilHealth.

“We value the trust reposed by our members in our agency as we strengthen our information security measures to protect your right to data privacy,” it added.—LDF, GMA Integrated News