The Philippine Health Insurance Corporation (PhilHealth) on Wednesday, Oct. 11 committed to notify its members with compromised data following the Medusa ransomware attack.
In the televised Bagong Pilipinas Ngayon interview, PhilHealth’s Acting Vice President of Corporate Affairs Group, Rey Baleña, said the investigation into the hacking incident is ongoing and will notify affected members.
“Kapag naibigay na sa atin itong mga files na na-download po nila [ng Department of Information and Communications Technology], makakapagsimula na po kami ng aming analysis kung sino-sino ang miyembro na nakompromiso, nang maisagawa na namin ‘yung pag reach out at pagnotify sa mga miyembro na nakompromiso (Once the DICT provides us with the files they have downloaded, we can begin our analysis to identify the compromised members and proceed with reaching out and notifying those affected),” Baleña said.
He added that the analysis being conducted by the DICT is “nearing completion.”
Baleña said PhilHealth is eagerly awaiting the DICT files to begin our own analysis and initiate outreach and notification efforts for affected members.
He also expressed concern for the potential impact of the data breach on PhilHealth members, not just the affected ones.
“Kaya, gaya na rin ng ipinahayag ng DICT sa mga nakaraan, ang susunod ay tatargetin na ‘yung mga miyembro na nandun sa mga files na na-download (So, as the DICT has previously stated, the next step is to target the members listed in the downloaded files),” Baleña said.
He also added that the attack could manifest in the form of emails, text messages, or calls.
Members’ protection
“To protect themselves, individuals are urged by PhilHealth to exercise caution and avoid engaging with suspicious communications, clicking on links, or providing information to unknown senders,” said Baleña.
He pointed out that downloading these files is discouraged as it can harm computers and lead to legal consequences.
“Ngayon, ang pinakamabuti at priority ng PhilHealth ay ma-protektahan ang ating mga miyembro. Sa ngayon ay hindi pa namin tukoy kung sino ang mga apektado, pero the safest ay huwag tayong mag-entertain ng mga tawag na suspicious, at email at messages na hindi natin kakilala, sa ganito ay mapo-protektahan tayo (Now, the best and top priority for PhilHealth is to protect our members. At this point, we have not yet identified who has been affected, but the safest approach is not to entertain suspicious calls, emails, or messages from unknown sources to ensure our protection),” Baleña said.
PhilHealth has advised its members, particularly those with accounts on the member portal, to change their passwords and refrain from sharing them with others.
Baleña said they have established temporary email addresses for members to address questions or concerns.
“They can reach out to [email protected] and [email protected],” he said. (Zekinah Elize Espina)