The Philippine Health Insurance Corporation (PhilHealth) confirmed that around 92 workstations have been “compromised” following the ransomware attack last month.
PhilHealth's Senior Vice President for Health Finance Policy Israel Pargas confirmed this in an interview on CNN Philippines' The Source on Oct. 4.
Pargas noted that the 92 workstations, which happened to be the personal computers of PhilHealth employees, were affected by the incident.
These workstations, he added, contained internal memos and employee IDs, which appear to have been targeted by the hackers.
Despite the absence of a direct compromise to members' data, Pargas emphasized that PhilHealth takes the situation seriously.
“This is still data, even if it is personal data of our employees, and so we are also coming out with a notice to the public that in case there are reports that are probably data that are out there, they should inform us to make sure that we should be doing anything about it,” he said.
Regarding the 92 compromised workstations, Pargas clarified that each computer is dedicated to a single employee, and the organization does not implement computer sharing or shifting.
Consequently, each employee's access is limited to their designated computer, he added.
"We are still investigating this matter; we are carefully examining each affected computer,” he said. “So far, we haven't found any indication of this occurring, except for some instances where computers may have been used for research related to our data, but this does not apply to all cases,” Pargas explained.
Pargas added that most of the 92 computers mentioned serve as “frontline workstations.”
Meanwhile, Pargas allayed concerns regarding the potential compromise of member data due to employee computer access.
“When we checked our databases, which contain data for our members and patients, they are all intact, and we believe that there has been no leak,” he added.
PhilHealth issued a public notice on Oct. 2, urging individuals, especially PhilHealth employees to remain vigilant, change their passwords, and exercise caution while clicking on links or downloading attachments in emails.
As investigations continue, PhilHealth said it will provide more information on the extent of the breach and any potential risks to member data. (Zekinah Elize Espina)