Millions affected by PhilHealth data breach —DICT

Millions of people were affected by the data breach in the system of Philippine Health Insurance Corporation (PhilHealth), Information and Communications Technology Secretary Ivan John Uy said Monday.

“Unfortunately it is a significant amount, millions. We are 90% done baka lumiit pa 'yung numero kasi may nakikita kaming duplicates, may mga files na duplicate (but the number might decrease because there were duplicates),” Uy told reporters when asked how many people were affected by the data breach.

He said the hackers may sell the leaked information to scammers and phishers considering that the perpetrators were not able to get the money they asked.

“They will try to monetize the information by selling to scammers, to phishers para gamitin 'yung data nila (to use their data),” he said.

Investigators are still trying to identify if the hackers are Filipinos or foreigners, according to Uy.

“If these are operating from third countries that are safe haven for them, hindi natin mapi-pin down iyon. Ma-identify lang natin (we won't be able to pin them down. We can only identify them), that's part of our investigation," he said.

“Sa tingin ko naman 'yung local hindi sila maglalakas loob dahil mahahabol natin sila. Nasa loob ng ating jurisdiction (I don't think the locals will have the courage to do this because we can go after them. They are within our jurisdiction),” he added.

Earlier, the DICT said hackers leaked the compromised data from the ransomware attack against PhilHealth.

The DICT said the Confucius group uploaded a copy of over 600 gigabytes of files to a website and a Telegram channel after 4 p.m. on October 5, two days after the deadline for a ransom payment of about $300,000, or approximately P17 million, expired.

A video of the leaked information showed photos, bank cards, and transaction receipts of the victims, among others.

The DICT clarified that the transaction data of some PhilHealth members were leaked but the members' database was not affected by the cyberattack.

DICT Undersecretary Jeffrey Dy said their analysis showed that there were no remnants of the Medusa malware in the members' database.—AOL, GMA Integrated News