PhilHealth confirms antivirus subscription had expired amid ransomware attack

PhilHealth acknowledged that its antivirus subscription had expired, amid a ransomware attack that led to the state health insurer disabling its system as part of security containment measures.

In Mark Salazar's report on "24 Oras" on Monday, PhilHealth confirmed that its antivirus software had expired on April 15, but that it had not been able to renew its subscription immediately due to complicated government procurement processes.

However, it added, temporary antivirus software is now in place.

"Ineradicate po yun pong virus at ito ang mga nire-ready natin para magamit na ulit ng ating mga kasamahan. So hindi naman lahat ng workstation ay napasok," said PhilHealth Corporate Affairs Group OIC Rey T. Baleña.

PhilHealth was hit by a Medusa ransomware attack on September 22, prompting the temporary shutdown of its online systems.

Hackers reportedly threatened to release the data stolen from its database unless the agency paid $300,000 in ransom. PhilHealth stressed that it would not pay.

It also said that the cyberattack affected the application server and at least 72 employees' workstations.

This weekend, PhilHealth said it has regained control of its system, without having to pay the ransom.

"Dahil wala silang nakuha ni isang kusing...they will try to monetize the information by selling the information to scammers," warned Information and Communications Technology Secretary Ivan Uy.

The Department of Information and Communications Technology has urged PhilHealth employees and members to change the passwords of their online accounts.

PhilHealth has also urged the public to enable multi-factor authentication, monitor suspicious activities in their online accounts, refrain from opening and clicking on suspicious emails and links or answering suspicious calls.

On Monday, the DICT confirmed that millions had been affected by the data breach. 

DICT Undersecretary Jefferson Dy said that while the hackers did not leak information to the public, they provided the DICT a 40-minute video showing the information stolen from the compromised database.

“They posted a 40-minute video showing what they got. They’ve got videos, 1x1 photos of a lot of people, they’ve got GSIS cards, including some ATM cards of PhilHealth employees,” he said.

The DICT's shrinking budget has also come into focus as a result of the cyberattack. From its P1 budget in 2022, its budget shrank to P600 million in 2023, and its proposed budget for 2024 is only P300 million. — BM, GMA Integrated News