PhilHealth maintains member data 'secured', investigation underway
In response to the recent ransomware attack on its systems, the Philippine Health Insurance Corporation (PhilHealth) released a statement on Tuesday, Oct. 3, to clarify the extent of the breach and reassure its members regarding the safety of their private information.

PhilHealth emphasized that the ransomware attack “did not compromise” the security of their servers containing members' private information.
It said that the membership database, claims records, contribution information, and accreditation data, all stored in a separate and secure database, remain entirely “intact and unaffected” by the cyberattack.
However, the health insurance agency noted that the cyberattack did target application servers and employees' workstations.
Consequently, files stored locally on the hard drives of these affected workstations may have been “compromised,” according to PhilHealth.
It also stressed that PhilHealth is currently conducting a comprehensive inventory to ascertain the extent of any potential data exfiltration from these machines.
Proactive compliance with privacy regulations
Meanwhile, PhilHealth emphasized that its "Urgent Notice to the Public" was issued in strict compliance with the requirements of the National Privacy Commission (NPC).
This proactive approach, PhilHealth said, aimed to reach out to and inform data subjects who may have been affected by the cyber attackers' actions.
The agency also used this opportunity to remind the public to remain vigilant in safeguarding their personal and sensitive information.
“The goal is to identify and apprehend the individuals responsible for this criminal act,” PhilHealth said.
The agency continued to urge its members and the general public to exercise extreme caution and refrain from engaging with or sharing malicious posts related to the cyberattack.
Such actions, PhilHealth emphasized, only serve to magnify the damage caused by the attackers.
Likewise, in an urgent notice to the public on Monday, Oct. 2, PhilHealth stated, "If you have not received a notification from us, you may not have been affected. However, we recommend that you take the following steps as a precaution."
The steps outlined by PhilHealth include monitoring credit reports for any unauthorized activities, placing fraud alerts on individual credit reports, changing passwords for all online accounts, especially financial ones, and exercising caution when dealing with phishing emails and smishing (SMS phishing) texts.
This PhilHealth cyberattack incident has raised concerns about data security and privacy, prompting individuals to take proactive measures to protect their personal information.
Meanwhile, PhilHealth said it is actively engaged in collaborative efforts with multiple government agencies, including the Department of Information and Communications Technology (DICT), the NPC, the Philippine National Police (PNP) Cybercrime Division, the Cybercrime Investigation and Coordinating Center (CICC), and the National Bureau of Investigation (NBI).
Stay cautious and informed
Related to this, PhilHealth IT experts also issued a stern warning as the "Medusa" virus is expected to unleash the data it allegedly obtained from PhilHealth.

In a press conference on Oct. 2, PhilHealth President and Chief Executive Officer (CEO) Emmanuel R. Ledesma, Jr., acknowledged the situation. “It's important to note that no membership data has been compromised,” he said. “We urge everyone to exercise caution and await further developments,” he added.
Ledesma stressed that PhilHealth has “nothing to hide” as the membership records remain “intact.”
PhilHealth, he added, is not worried about the content of any data that may be released. “Our records are secured. Whatever the hacker unveils, it's likely to be a ‘fabricated’ or ‘unreal’ account,” he said.
Amid this, Ledesma underscored the importance of staying vigilant. “I hope that the media remains vigilant and serves as tools for the people so that they can decipher and discern what is right, what is true, and what is not true, and if Medusa publishes false, fabricated, or counterfeit information, the public should be able to recognize it,” he said.
While PhilHealth maintained confidence in the security of its membership data, Ledesma noted that some personal concerns are expected.
“On a personal level, I am concerned because these criminals are capable of executing crazy things and they have the ability to create counterfeit information and more,” Ledesma said. “So, let's cross the bridge when we get there. Let's see what they come up with,” he added. (Zekinah Elize Espina)