The website and member’s portal of the Philippine Health Insurance Corp. (PhilHealth) went back online yesterday after eight days offline following a ransomware attack.
PhilHealth’s e-Claims system also resumed online operations yesterday.
The Department of Information and Communications Technology (DICT) earlier advised PhilHealth to shut down its public-facing application systems to isolate key services and ensure the ransomware infection would not spread to critical computers.
In a statement, PhilHealth said it has yet to verify reports that leaked members’ data was found on the dark web.
As for the alleged ransom demand of the hackers, the state health insurer reiterated the government’s policy of not paying one to criminals.
It also assured the public that its databases are intact, safe and secure.
“Members are assured that their benefit entitlement will not be hampered due to this incident. Interim arrangements while systems are offline have been instituted to ensure that members continually avail of their PhilHealth benefits anytime and anywhere in the country,” it said.
“PhilHealth continues to work closely with the DICT and National Privacy Commission (NPC) to address the situation. It also coordinated with the National Bureau of Investigation (NBI) and Philippine National Police (PNP) toward this end.”
PhilHealth also appealed to the public to refrain from concocting false and misleading information to avoid creating panic and distrust among members and stakeholders.
“The entire state health insurance agency takes this incident seriously, seizing the opportunity that this incident brings to further strengthen its information security infrastructure in order to prevent this from happening again,” PhilHealth said.
The DICT said the Medusa ransomware attacks began globally in 2019.
International syndicates usually acquire data from websites and encrypt it. For the data to be decrypted and used again, these groups demand a ransom payment from the owners of the compromised devices.
“Once inside the network, the Medusa ransomware will then move laterally on the network to infect other machines via Server Message Block or by exploiting the Windows Management Instrumentation,” the DICT said.
The agency advised government agencies and the public to refer to the technical advisory through the link https://dict.gov.ph/wp-content/uploads/2023/09/DICT-Medusa-Advisory.pdf. This provides further details about the Medusa ransomware and the measures that must be implemented to prevent it from accessing systems and devices.