Data of 13 million persons compromised in PhilHealth ransomware attack

The personal data of over 13 million individuals have been compromised in the ransomware attack that targeted the database of state-owned Philippine Health Insurance Corporation (PhilHealth), an official said Wednesday.

Data Privacy Officer Nerissa Santiago said PhilHealth had yet to determine the exact number of persons whose data had been affected but was expecting it to reach 13 million to 20 million, including 600 to 800 of its employees.

“We are still analyzing the data that were downloaded and we have obtained from the DICT [Department ion Information and Communications Technology] …So far ang nakita namin is about 13 million na data na individuals pero may mga duplicates pa rin po yun. Inaayos namin para magkaroon ng complete number of information,” Santiago told reporters in a media briefing.

“For the employees na na-leak sa video…nasa 600 ot 800 po siya,” she said.

(We are still analyzing the data that were downloaded and we have obtained from the DICT. So far what we saw is about 13 million individual data may be affected. For the employees it is about 600 to 800.)

On September 22, Medusa ransomware attacked PhilHealth, prompting the temporary shutdown of its online systems.

Hackers leaked the affected database to a website and on Telegram on October 5, days after they asked for $300,000 or approximately P17 million in ransom from PhilHealth in exchange for the information.

The state insurer stressed that it would not pay for such an amount.

Last week, the DICT said millions of people were affected by the data breach.

For her part, Santiago said PhilHealth is working on notifying the affected individuals. She also reminded the public to take precautionary measures to take care of their information including changing pins and ignoring phishing calls.

“The reason that we’re coming out with a notification is at least for the public to be more aware and take precautionary measures in terms of making sure that the information that could have leaked will not be used against them. So changing of pin, 'yung mga tatawag sa kanila, they should not be entertaining those,” she said.

“'Yung database ng ating membership is still intact. 'Yung individual notification for them to make sure that they are informed of what data is leaked, 'yan ang inaayos natin ngayon,” she added.

(Our database for the PhilHealth members is still intact. The individual notification is for them to make sure that they are informed of what data is leaked. We’re working on that.)

Anti-virus to be delivered next week

For his part, PhilHealth IT Senior Manager Nelson De Vera said the state insurer is set to receive its new P14-million anti-virus software next week.

PhilHealth on Tuesday confirmed that its antivirus software had expired on April 15, but that it had not been able to renew its subscription immediately due to complicated government procurement processes.

“We’re expecting that it will be delivered this week. Pero nag-provide rin kami ng contingency requesting our provider if we can still extend our anti-virus for another 30 days. Dalawa ang contingency natin don. As far as the features, covered ito ng protection for malware and the ransomware,” De Vera added.

PhilHealth rejects confidential, intelligence fund

Meanwhile, PhilHealth Executive Vice President and Chief Operating Officer Eli Dino Santos remained firm on his stand that PhilHealth does not need confidential or intelligence funds despite the recent cyberattack.

“I stick to my original position, ayoko talaga ang feeling ko di naman kailangan eh. We can move on properly and in the right way without the use of the confidential fund. That's my position,” Santos added.

Senator Alan Peter Cayetano earlier said some government agencies needed confidential funds, including the DICT.

He also suggested offering a reward of “250,000 to P500,000” for information that will help catch cybercriminals, after a series of attacks on government websites. —NB, GMA Integrated News