Philippine Health Insurance Corporation Archives

PHILHEALTH EXPERIENCES YET ANOTHER DATA LEAK

MANILA — The Philippine Health Insurance Corp. (PhilHealth) experienced disruptions anew on its website over the weekend, not due to cyber hackers, but as a result of bugs or coding errors, clarified Department of Information and Communications Technology (DICT) Undersecretary for cybersecurity, connectivity, and upskilling, Jeffrey Ian Dy, on Tuesday (16 Jan 2024).

Dy confirmed that the identified bug causing the issues has been successfully addressed, and he assured the public that the PhilHealth website has returned to its normal functioning.

“It seems that there were some errors made in building the website. They fixed it already. It was a bug,” he explained to The Philippine Star.

This incident comes after a Medusa ransomware attack on the PhilHealth website in September of the previous year, during which cyber hackers attempted to extort $300,000 from the organization. Medusa ransomware is malicious software that encrypts files and demands a ransom payment in exchange for the decryption key.

(el Amigo/MNM)

By Junex Doronio

TWO DAYS AFTER THE DEADLINE for a ransom payment of about $300,000 or around P17 million expired, hackers have leaked the compromised data from a recent ransomware attack against the Philippine Health Insurance Corporation (PhilHealth).

This was revealed by Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy who said the Medusa ransomware group uploaded a copy of over 600 gigabytes of files to a website and a Telegram channel after 4 p.m. on Thursday, October 5.

“Nasa Stage 3 na tayo, ito na ‘yung final stage sa sinasabi kong triple extortion stages. Sa Phase 3, aatakihin na nila ‘yung mga tao na nakita nila sa database kasi mas prone na ‘yun eh. Is-spam na nila ‘yan. Is-scam na nila yan,” Dy warned.

The DICT believed that the uploader was part of the Medusa ransomware group.

Just to let you know, last September 22, PhilHealth was hit by a Medusa ransomware attack, causing the temporary shutdown of the online systems of the state health insurer.

Hackers reportedly threatened to release the data stolen from its database should the agency fail to pay the ransom of $300,000 or around P17 million.

But PhilHealth stood firm that it would not pay.

On Tuesday, October 3, PhilHealth reiterated that the cyberattack did not compromise its members’ database but affected its employees’ application servers and workstations. (ai/mnm)