MANILA (2nd UPDATE) - Only the identification cards (IDs) of employees of the Philippine Health Insurance Corp. (PhilHealth) have been leaked online so far, following a cyberattack using Medusa ransomware on the state insurer’s system, the agency’s spokesperson said Tuesday.

Dr. Israel Francis Pargas, in an interview with ANC’s Top Story, maintained that “membership data, financial data and claims data” remained safe and intact.

“There are work stations wherein the computers of our employees were involved or hacked and I think some of data that were gotten by these hackers were from these. So that is why some of those data being shown, like personal ID of our employees, are being shown. And so, we are actually providing a notice to the public that in cases that there are information that will be shown or that will be given out, that please inform us already so that we can do something about it,” Pargas said.

Pargas said the agency is still determining the extent of the breach.

“Right now, the National Privacy Commission is doing also another investigation looking deeper into the incident, looking into what really happened and what was the cause, and even looking into people and systems in the corporation to see if there is any negligence with regard to the part of the corporation,” he added.

Watch more News on iWantTFC

Meanwhile, USec. Jeffrey Dy of the Department of Information and Communications technology said they have yet to verify all the information that was taken from the PhilHealth system, but initial information showed pictures of people, IDs of PhilHealth employees, some Government Service Insurance System (GSIS) cards, and payroll of the employees.

He reiterated that the PhilHealth member data base was not affected by the breach.

"We have informants that [are] waiting for the official release of the entire site sa mga official channel ng Medusa group," Dy said, adding that "teasers" of the information taken from the PhilHealth system are being advertised in the "dark web".

Watch more News on iWantTFC

PhilHealth earlier said it will notifying individuals affected by the recent data breach into its system.

• PhilHealth to notify all individuals affected by data breach

It also reiterated that only the application servers and employees' workstations have been affected by the cyberattack. This means files stored locally in the hard drive of infected workstations may have been compromised.

PhilHealth, likewise, appealed to its members to remain vigilant and to "refrain from opening, sharing, liking, or reposting malicious posts as it only magnifies the damage caused by the perpetrators."