PhilHealth web-based system now restored after ransomware attack

The Philippine Health Insurance Corporation’s (PhilHealth) web-based system is now restored almost two months after a complete online system shutdown due to a Medusa ransomware attack.

The state insurance company made the disclosure through Senator Pia Cayetano at the Senate plenary deliberations on the proposed 2024 budget of the Department of Health and PhilHealth.

“As of November 14, today, web-based systems-- e-claims, members’ portal, et cetera are restored. The core system is also restored. Not yet completely restored are the utility systems like risk information system and other internal systems,” Cayetano said.

To prevent similar incidents in the future, Cayetano said PhilHealth has been working on beefing up its security system by creating a crisis committee, putting in place a business continuity plan and hiring a consultant on cybersecurity.

“PhilHealth, for the past few years, has been requesting for an increase in their administrative budget which would cover these ICT upgrades that they need and it was only granted this year, for this [year] 2023,” she said.

“Lagi naman pong may request pero (There were requests but) never in the kind of amount that they wanted to really do a really good upgrading of their system,” she added.

Last September 22, PhilHealth’s systems were targeted by the Medusa ransomware, which threatened to release the data stolen from its database should the agency fail to pay them $300,000 or P17.038 million based on the prevailing exchange rate of P56.795:$1.

The agency’s system—including its website, Health Care Institution (HCI) and member portal, and e-claims—were disabled or unplugged as part of security containment measures.—RF, GMA Integrated News