MANILA — State insurer PhilHealth on Monday said it was not worried over threats that information taken by hackers would be exposed to the public following a cyberattack in September.
Some social media posts claimed that hackers allegedly possessed “materials and a video review” taken from PhilHealth’s system and were threatening to leak the data online if PhilHealth would not give in to their demand for ransom.
PhilHealth President and Chief Executive Officer Emmanuel Ledesma Jr. said membership data and medical records were “intact and protected” after the insurer immediately shut down its online systems following the Medusa Ransomware attack.
No ransom money was paid or would be paid to hackers, he said.
“Kasi wala naman nawala sa membership data, they are saying they are going to bring out, so clearly it is a bluff. Isang araw na lang diba, hintayin nalang natin ang bluff nila kung ilalabas nila,” Ledesma said in a press conference.
Ledesma added that they were anticipating that the group behind the attack might attempt to release distorted information through various channels and portray themselves as “heroes”.
He urged the public to promptly report any sensitive information found online or on social media to PhilHealth and the Department of Information and Communications Technology (DICT) to prevent further dissemination.
“Let’s be vigilant lang. We have nothing to hide in PhilHealth. Like I said nothing…the membership records are intact so if that if that’s going to be fabricated records, and not real and true. Hopefully ma-determine ng public what right and what is not,” Ledesma added.
As of Monday, PhilHealth reported that three out of eight external systems were back online, including the corporate website, the member portal and e-claims system.
The state insurer and DICT have not yet identified the alleged crime “syndicate” behind the attack but have noted the weakness in the system that made it vulnerable to cyberattacks.
“We currently have a general anti-virus, anti-cybersecurity, but it is not updated, and probably that is where the hackers came in, through that weakness,” Atty. Eli Dino Santos, PhilHealth’s Executive Vice President and Chief Operating Officer said.
“There were procurement issues, so for me the reason why the strict compliance with procurement rules and regulations, that is why we were not able to activate or continue with the system, that is why we weren’t able to update the system,” he added.
To address the recent attack, PhilHealth activated an “incident response system” and approved an emergency procurement for an additional layer of “cyber and information security systems”.
“We assure the public that we can address whatever attack may happen now and in the future. That is why our President and CEO approved our emergency procurement of the incident response systems and this will prevent present attack and any attack in the future,” Santos said.
PhilHealth also recommended that a “national task force” be formed composed of agencies such as the DICT, National Bureau of Investigation, Philippine National Police and other relevant government offices to prevent cyber attacks against all government offices.