But membership, financial, claims details intact, agency claims
Hackers have started exposing data of the Philippine Health Insurance Corp. (PhilHealth) on the dark web, the state health insurer admitted Tuesday, a day after denying the group’s $300,000 ransom demand and dismissing the threat of information getting leaked online as “clearly a bluff.”
PhilHealth senior vice president and spokesman Israel Pargas said identification cards of their employees have been leaked online so far after the Medusa ransomware attack on their system.
He said “membership data, financial data and claims data” remained intact.
“The ransomware attack DID NOT affect our servers containing members’ private information. PhilHealth’s membership database, claims, contribution and accreditation information which are stored in a separate database are intact and completely unaffected by the said cyberattack,” it added in a clarificatory statement last night.
“Only the application servers and employees’ workstations have been affected by the said cyberattack. Hence, files stored locally in the hard drive of the infected workstations may have been compromised.”
“An inventory is being conducted in order to determine the extent of information which may have been exfiltrated from these workstations.”
“The said Notice is in faithful and substantial compliance to the requirement of the National Privacy Commission to proactively reach out to and inform data subjects who may be affected by the malicious posts of the attackers.”
“Likewise, this is a reminder to the public to stay vigilant in protecting personal and sensitive information. We are actively reaching out to the public and the employees whose information may have been compromised,” PhilHealth said.
Department of Information and Communications Technology Undersecretary Jeffrey Dy said based on their initial analysis, among the information leaked online were PhilHealth employees’ identification cards, including Government Service Insurance System IDs.
Dy said they also saw copies of employees’ payroll and other details such as “their regional offices, memos, directives, working files, [and] hospital bills” on the dark web.
Pargas said PhilHealth is still determining the extent of the breach.
“Right now, the National Privacy Commission is also doing another investigation looking deeper into the incident, looking into what really happened and what was the cause, and even looking into people and systems in the corporation to see if there is any negligence with regard to the part of the corporation,” he said.
For her part, Gabriela party-list Rep. Arlene Brosas slammed PhilHealth for its belated admission of a data breach since the Medusa ransomware attack on September 22.
“This should prompt an urgent independent investigation by the House to put concerned agencies to task and to identify the perpetrators of the data breach,” she said.
“The implications of this cyber attack might be worse in magnitude, considering the belated admission of PhilHealth and the pendency of investigations of concerned agencies such as the National Privacy Commission. Unfortunately, we have yet to hear from Malacañang on this issue,” Brosas added.