This lapse in security has left the sensitive data of millions of citizens exposed to criminal elements.
The extent of the breach is yet to be fully ascertained, but the Philippine Health Insurance Corp. has issued a stark warning to its over 36 million members, constituting about a third of the country’s population, that their personal information may have been compromised.
The vulnerability in PhilHealth’s cybersecurity defenses, exacerbated by a shift in procurement processes, contributes to a growing trend of cyber attacks targeting Philippine government agencies. This alarming pattern underscores the nation’s susceptibility to cybersecurity threats.
PhilHealth first detected the attack on the morning of September 22 when employees powered up their computers, including those integral to record processing. Shockingly, screens displayed a message attributed to the Medusa group, claiming responsibility for the breach and demanding a hefty $300,000 ransom for the deletion of the agency’s files. Israel Pargas, senior vice president for the health finance policy sector, revealed these details in a recent interview.
Approximately 96 computers, constituting about a tenth of the agency’s units at its metropolitan Manila headquarters, fell victim to the attack. The identity of the Medusa group as the primary culprit remains unverified by independent sources, and the possibility that another group employed the Medusa ransomware cannot be ruled out. The method by which the hackers circumvented PhilHealth’s computer system security also remains unclear.
PhilHealth has taken a firm stance against paying the ransom, opting to brace for potentially severe consequences in the aftermath of this cybersecurity breach. The incident highlights the urgent need for enhanced cybersecurity measures and vigilance in safeguarding sensitive citizen data in the face of evolving cyber threats.
During an interview last week, Israel Pargas, senior vice president for health finance policy sector, said of the breach, “We don’t know how extensive it was. We also don’t know what records were taken. We’ll only know once Medusa releases them.”
PhilHealth’s Vulnerabilities Exposed: Possible Phishing Incident and Ransom Deadline Lapses
Former Department of Information and Communications Technology undersecretary, Monchito Ibrahim, suggests that a staff member may have inadvertently fallen victim to a phishing email, potentially opening the door for hackers to infiltrate PhilHealth’s computer systems.
Compounding the issue, the deadline for the ransom payment has expired. PhilHealth had a 10-day window from September 22 to comply with the hackers’ demands. Reports indicate that the stolen data is now being released on platforms such as Telegram, as disclosed by a group monitoring dark web activities.
Adding to the security woes, PhilHealth’s contract with its antivirus software provider lapsed in May, and renewal was hindered by the government’s revised procurement rules, according to Pargas. In response to the breach, PhilHealth sought assistance from the software provider and accepted a 30-day trial offer for a new antivirus security program.
PhilHealth is actively taking measures to fortify its cybersecurity posture, having acquired additional tools to monitor accounts and detect potential future attacks. A broader IT upgrade is also on the agenda.
In the aftermath of the incident, the National Privacy Commission has initiated an investigation to scrutinise the extent of the breach, identify responsible officials, and recommend prosecution. The commission’s statement reveals a startling revelation from the initial analysis of the “data dump claimed by the Medusa group,” indicating a massive 734 gigabytes of compromised data, including personal and sensitive information. As PhilHealth grapples with the fallout, questions linger regarding how a state health insurer entrusted with safeguarding the data of millions lacks a secure database, prompting concerns from industry groups.
“We have the national cybersecurity plan, but a plan is different from execution. If it’s not executed properly, nothing will happen,” Ibrahim said.
Senator Mark Villar has taken a proactive stance, calling for a legislative inquiry into the recent wave of cyber attacks targeting PhilHealth and various government agencies. This includes the alarming hacking of the anti-graft office’s computer system, granting unauthorized access to cases against government officials. Additionally, concerns arise from the alleged breaches at key law enforcement agencies, where sensitive data such as fingerprint scans, birth certificates, and passports were reportedly exposed.
Author: Joanna England
