RANSOMWARE GROUP MEDUSA STARTS ‘SPILLING’ SENSITIVE DOCS AS STATE HEALTH INSURER REMAINS FIRM VS. $300K RANSOM 

DUE to the firm stance of the state health insurer PhilHealth against yielding to the ransom demands of the ransomware group Medusa, they have started revealing sensitive documents that were compromised, as they reported.

The Philippine Health Insurance Corporation (PhilHealth) has recently declared on mainstream media that it has no intention of paying a ransom to the Medusa ransomware group in exchange for the hacked data in its system.

During a public briefing on Tuesday, Dr. Israel Pargas, PhilHealth’s Senior Vice President, stated that they will adhere to the government’s “no ransom” policy and will not negotiate with cybercriminals responsible for the attack on their agency’s system.

Pargas explained that there was no direct ransom demand made to PhilHealth, and they only learned about the reported demand of $300,000 or approximately P17 million through the news.

“In line with the government’s policy, we will not pay anytime there is a ransom demand,” Pargas affirmed.

According to their initial investigation, no medical information was compromised, and no personal information of PhilHealth members leaked.

Their investigation also revealed that 72 workstations were affected by the Medusa ransomware, including PhilHealth’s website, e-claim system, member portal, and collection system.

As of now, Pargas stated that all their systems are still shut down to determine the extent of the impact of the Medusa ransomware, leading to manual operations since September 23, 2023.

They continue their investigation in cooperation with the National Privacy Commission, as well as the cybercrime units of the Philippine National Police (PNP) and the National Bureau of Investigation (NBI). (ai/mnm)