PhilHealth won’t be able to retrieve leaked data —official

An official of the Philippine Health Insurance Corporation (PhilHealth) said Wednesday that the agency might no longer be able to retrieve the compromised data that were leaked following the ransomware attack.

PhilHealth corporate affairs group acting Vice President Rey Baleña admitted to this when asked in a public briefing what are the steps being taken by the state health insurer to recover the leaked information of the victims.

“Unfortunately, sa pagkakaalam ko, ay hindi na po natin ito mababawi. Ang atin na lamang pong gagawin moving forward ay hindi na ito mangyari sa pamamaraan na masiguro na meron tayong supisyenteng antivirus software,” he said.

(Unfortunately, as far as I know, we can't get them back. The only thing we will do moving forward is to prevent this from happening again by ensuring that we have sufficient antivirus software.)

PhilHealth was hit by a ransomware attack on September 22, prompting the temporary shutdown of its online systems.

The hackers leaked the compromised data days after the deadline for a ransom payment of about $300,000, or approximately P17 million, expired.

Millions of people were affected by this data breach, the Department of Information and Communications Technology said. 

PhilHealth had confirmed that its antivirus software had expired on April 15, and that it was not able to renew its subscription immediately due to complicated government procurement processes.

“As we speak now, ay meron na tayo na naka-up, naka-install [na antivirus software]. As we speak now, awarded na sa ating bagong provider ‘yung kontrata para sa ating antivirus software,” Baleña said.

(As we speak now, we already have antivirus software installed. The contract for our antivirus software has been awarded to our new provider.)

National Privacy Commission (NPC) Chief of Complaints and Investigation Mike Santos, meanwhile, reminded PhilHealth employees and members to change their passwords in their online accounts.

“‘Yung password, hindi lang ‘yan gateway sa email account mo. ‘Yung email account natin, naka-connect ‘yan sa social media accounts, sa bank accounts, sa e-wallet. ‘Pag na-takeover niya ‘yung email mo, malaki ang possibility na ma-takeover ang social media, e-wallet, online banking,” he said during a Kapihan sa Manila Bay forum.

(The password is not only a gateway to your email account. Our email account is connected to social media accounts, bank accounts, and e-wallet. If hackers take over your email, there is a great possibility of them also taking over your social media, e-wallet, and online banking.)

Despite this, Santos said that the NPC will prepare to receive a huge bulk of complaints, if ever.

“Kung ready, million ‘yan, but we’ll try to be ready kasi duty namin ‘yan [that’s our duty] to the public. To the best of our capability, we’ll be ready to receive complaints,” he added.—LDF, GMA Integrated News