Gabriela Party-list Rep. Arlene Brosas slammed the Philippine Health Insurance Corp. (PhilHealth) Tuesday, Oct. 3 for its belated admission of a data breach following the Medusa ransomware attack it suffered two weeks ago.
Brosas blasts PhilHealth for late admission of data breach
Oct 3, 2023 09:24 AM
At a glance
Gabriela Party-list Rep. Arlene Brosas
Gabriela Party-list Rep. Arlene Brosas slammed the Philippine Health Insurance Corp. (PhilHealth) Tuesday, Oct. 3 for its belated admission of a data breach following the Medusa ransomware attack it suffered two weeks ago.
“It is alarming that PhilHealth only confirmed the leak of personal information of PhilHealth contributors weeks after the Medusa ransomware attack on Sept. 22," Gabriela Party-list Rep. Arlene Brosas said in a statement.
"This should prompt an urgent independent investigation by the House to put concerned agencies to task and to identify the perpetrators of the data breach,” said the Makabayan solon.
Last Sept. 26, the government health insurer told House members during the plenary debates on the P5.768-trillion General Appropriations Bill (GAB) that PhilHealth's member database wasn't compromised during the Medusa episode.
The Medusa ransomware is a type of malware that encrypts files and demands a ransom payment in exchange for the decryption key.
“Yung mga personal information na nakuha ng hackers, pwedeng gamitin para magsagawa pa ng ibang krimen laban sa PhilHealth members tulad ng identity theft (The personal information stolen by hackers could be used in crimes against PhilHealth members, like identity theft.)
"That’s why it is baffling for Philhealth to downplay concerns at the onset of the cyber attack,” noted Brosas.
According to PhilHealth, personal information of members such as name, address, birth date, phone number and PhilHealth ID number were stolen by the Medusa ransomware group.
“The implications of this cyber attack might be worse in magnitude, considering the belated admission of PhilHealth and the pendency of investigations of concerned agencies such as the National Privacy Commission. Unfortunately, we have yet to hear from Malacañang on this issue,” Brosas said.
The Gabriela lawmaker said the House Committee on Information and Communications Technology can conduct an urgent motu proprio probe on the Medusa ransomware attack during the congressional break.