DICT assures PhilHealth members’ data ‘not hit’ by ransomware attack


The Department of Information and Communications Technology (DICT) assured the public that the Philippine Health Insurance Corporation's (PhilHealth) membership database has not been affected by the ransomware attack last Sept. 22.

photo-1614064641938-3bbee52942c7.webp
Photo courtesy of Unplash

READ:

https://mb.com.ph/2023/9/22/medusa-ransomware-unleashes-unprecedented-cyber-attack-against-philhealth

"So, what I can tell the public is that it is true that the PhilHealth’s membership database, all of us are members of PhilHealth, these were not hit by the ransomware by the Medusa," DICT Undersecretary Jeffrey Dy said in a CNN Philippines interview on Oct. 4.

However, he said a significant number of workstations used by PhilHealth employees have been compromised.

"These are where the information or the data that is now being held by the hackers came from," he added.

As of Oct. 3, the application system of PhilHealth, including the official website and member portal, has been back online.

READ:

https://mb.com.ph/2023/10/4/phil-health-application-systems-back-online

Dy reiterated that the extent of data held by the culprits remains unknown.

"Right now, I cannot confirm how much information they hold," Dy said.

He also said that the hackers have gradually released small amounts of information online.

"So far, they published Excel sheets, they published a lot of pictures, they published a lot of memos (memorandum)," he said.

"Right now, the full data, which is being held by hackers, has not yet been published," Dy said.

"I don't know why; maybe they are still hoping that we’ll pay them," he added.

Meanwhile, Dy emphasized that the confidential or intelligence funds would assist the agency, especially the Cyber Crime Security Bureau.

"I really believe that a confidential fund would help us a lot in responding to these particular types of issues," DICT Undersecretary said.

"For the DICT, especially the Cyber Crime Security Bureau, because there are instances that we need to buy data from the dark web to confirm the spread of particular—the spread of the data leaks," he explained.