MANILA — The Philippine Health Insurance Corporation (PhilHealth) on Tuesday said its systems would be accessible to the public later in the day or by Wednesday, Sept. 27, after a ransomware attack.

PhilHealth senior vice president Dr. Israel Francis Pargas said their website, 72 work stations, e-claim system, member portals, and collection systems were affected by the Medusa ransomware operation that was detected on Friday.

This prompted PhilHealth to shut down its systems to see the extent of the information security incident, Pargas said in a public briefing.

• Hackers demand $300,000 ransom for PhilHealth database

"We shifted to manual operations simula noong Biyernes hanggang ngayon. But we are expecting until today, until tomorrow ay mai-up na namin ang ilan sa mga sistema na ito para muling magamit natin," Pargas said.

"Kung naka-shut down ang ilang system, ilang porsyento ang apektado at kailan maibabalik sa normal ang operasyon ng PhilHealth website," he added.

The Department of Information and Communications Technology earlier in the day said hackers demanded $300,000 from the Philippine government for the database.

The PhilHealth official said based on an initial probe, there was "no leak" of their clients' personal information. PhilHealth cannot confirm if the ransom threat was true, Pargas said.

"Wala ring na-compromise na medical information ng ating mga miyembro sa ating unang pagsisiyasat at pag-iimbestiga," he said.

"Ganyan ang kanilang technique (ransom)... talagang sila ay nagdedemand for ransom para kung mayroon silang mga data na makukuha, maibabalik o ibabalik. Pero hindi rin natin sigurado kung maibabalik sila o may maibabalik pa."

• How to access benefits while PhilHealth's system is down

PhilHealth will not give in to the ransom demand, he said.

The investigation is ongoing and the PhilHealth is coordinating with the National Privacy Commission and the cybercrime units of the police and the National Bureau of Investigation, Pargas said.

The probe will also look into PhilHealth employees and "control measures" related to their access to the database, he added.

"Kasama na diyan ang pagre-review ng access na ibinibigay natin sa ating mga empleyado. Doon sa nakikita natin in our initial investigation, mayroong mga computers ng ating mga empleyado na na-infect nitong virus," said the official.