The Philippine Health Insurance Corporation (PhilHealth) on Monday, Oct. 2, assured that it remains committed to addressing concerns and other issues brought about by a recent ransomware attack that disrupted its operations.

“We are diligently working to restore other systems, including the HCI [Health Care Institution] Portal and application servers, following thorough security testing,” PhilHealth President and Chief Executive Officer (CEO) Emmanuel R. Ledesma, Jr. said in a press conference in Pasig City.

PhilHealth officials addressed several key issues --- including a recent ransomware attack, the status of claim reimbursements to hospitals, and the liquidation of the Interim Reimbursement Mechanism (IRM) --- during the press conference.

Ransomware attack

As PhilHealth reels from the impact of the recent cyber attack, Ledesma strongly condemned the “malicious act” and emphasized the agency’s commitment to protect its members' privacy and information.

Ledesma noted that “immediate measures” were taken upon detection of the attack to contain its spread and PhilHealth's swift response received recognition from the Department of Information and Communications Technology (DICT).

PhilHealth, Ledesma said, is aware that the disruption caused inconvenience to its members and stakeholders.

“We issued announcements and advisories to guide interim arrangements and ensure the continuity of essential services, particularly member benefits,” Ledesma said.

Probe continues

Meanwhile, Ledesma noted that investigations are currently in progress with collaboration from various agencies, including the National Privacy Commission (NPC), the National Bureau of Investigation (NBI), and the Philippine National Police (PNP).

“We are fully committed to supporting these agencies in their pursuit of the truth and holding the culprits accountable,” he added.

Ledesma said that investigations into the incident are ongoing, with the cooperation of various agencies, and PhilHealth has encouraged the public to avoid spreading false or misleading information.
Affected systems 

PhilHealth has also provided specific details about the systems affected and reassured the public regarding the security of members' private information.

Executive Vice President and Chief Operating Officer Eli Dino D. Santos clarified in a briefing that PhilHealth's general membership data “remained secured” with servers containing members' private information remaining unaffected by the cyberattack.

Santos explained that only the application servers and employee workstations were affected by the ransomware attack.

Meanwhile, PhilHealth Information Technology and Management Department Senior Manager Nelson De Vera assured that essential data, including the membership database, claims, contributions, and accreditation information, were stored in a separate database that remained “unaffected” by the cyberattack.

The Computer Professionals' Union had earlier expressed concerns, highlighting the government's perceived "lack of capacity to protect its citizens from cyberattacks against its infrastructure" in the wake of the ransomware attack.

Claim payments

Regarding the processing of claims, Ledesma acknowledged concerns from healthcare providers but reassured them of PhilHealth's dedication to settling pending claims, particularly those amounting to P27 billion affected by pandemic-related challenges.

“We are pleased to announce that since the Aug. 2, 2023 cut-off date, we have disbursed a total of P20.651 billion in payments, accounting for 76 percent of the P27 billion claims,” Ledesma said.

PhilHealth also expressed confidence in fulfilling its remaining obligations by year-end and urged healthcare facilities to continue providing excellent care to members, assuring them of the expeditious restoration of systems.

Ledesma explained that the health insurance agency is preparing the Debit Credit Payment Mechanism (DCPM) to provide the necessary support to all accredited healthcare facilities.

“Our message to our partner health facilities is clear: you can trust us to fulfill our commitment to you and we request that you continue providing excellent care to our members, ensuring their benefits are administered accurately. Rest assured; our systems are being restored expeditiously,” he added.

IRM liquidation

Ledesma announced the 100 percent liquidation of the Interim Reimbursement Mechanism (IRM), which amounted to P14.970 billion distributed to 711 healthcare facilities nationwide.

He also addressed allegations of misappropriation, emphasizing their lack of veracity and citing confirmation from the Commission on Audit (COA).

Ledesma also pointed out that, according to COA's Management Letter dated Sept. 22, 2023, full compliance with IRM transactions and recommendations, including tax-related matters, was confirmed.

“Our records remain open, and we have nothing to hide,” he said. “COA verification stands as a testament to the transparency and integrity of our actions,” he added. 

Ledesma assured that PhilHealth is actively working to address the ransomware attack, process claim reimbursements, and maintain transparency in its actions, as affirmed by the COA's findings regarding the IRM. (Zekinah Elize Espina)