Hackers may have gained access to PhilHealth records, members' data: analyst | ABS-CBN


Joyce Balancio,

ABS-CBN News

The façade of the PhilHealth Head Office in Pasig City on September 5, 2020. George Calvelo, ABS-CBN News/File

MANILA — The syndicate behind the Medusa Ransomware attack on the system of Philippine Health Insurance Corporation (PhilHealth) may have gained access to membership data and records amid PhilHealth’s claims that these “remained intact and safe”, a cyber security analyst asserted Wednesday.

Art Samaniego Jr. explained that the hackers may not have encrypted or locked these data, but it cannot be established yet if they had not produced copies of these for online uploading.

“Just because it is intact does not mean it was not copied or not breached. So these scammers or cyber criminals may have managed it so that the data is still there but they have already taken it, or copied it,” Samaniego told ABS-CBN News.

“Until the investigation is finished, we will not know. Because they have already gotten into PhilHealth’s system. So there is a big possibility that all of that data was accessed,” he said further.


Among those now uploaded on the “dark web” are different identification cards (IDs), including PhilHealth employee IDs, passports, driver’s licenses, credit cards, and plenty of 1x1 ID pictures of persons without labels.

Also posted are internal documents such as an employee database, hospital records, phone directories, and case records, among others.

Samaniego warned that this information may be used for criminal activities.

“That will be used to steal our identity. So it is possible, because there is an ID, there is a government ID, and the IDs there even have signatures; they will just copy that and submit it so they can open an account. They can make a credit card, or they can create social media accounts, and because your information there is already complete, your next of kin, they can use that for phishing,” he said.

These cyber criminals, Samaniego added, may go as far as victimizing specific persons.

“Once they have seen the data, the approach becomes individual; they will see that this one has complete details, ‘let’s attack this one,’” he said.

The Department of Information and Communications Technology (DICT), for its part, admitted that removing these posts on the dark web seems to be impossible.

“For now, they are still at the stage of demanding payment. When they know they have not yet been able to collect, they have chat groups and they have surface-web hacking groups or websites; that is where they will release it, and they will release everything,” DICT Usec. for Connectivity, Cyber Security and Upskilling Jeffrey Dy said in an interview on TeleRadyo Serbisyo.

PhilHealth, in a press conference on Monday, revealed the weakness in the system that made it vulnerable to cyber attacks.

“We currently have a general anti-virus, anti-cybersecurity, but it is not updated, and probably that is where the hackers came in, through that weakness,” PhilHealth’s Executive Vice President Eli Dino Santos said.


“There were procurement issues, so for me the reason why [is] the strict compliance with procurement rules and regulations. That is why we were not able to activate or continue with the system, that is why we weren’t able to update the system,” he added.

For the National Privacy Commission (NPC), PhilHealth should be held accountable for its failure to protect the data of its members and employees.

“If there are security lapses and if PhilHealth will not report if there are personal data that were compromised, that will amount to concealment. In this case, what would be applicable is the determination if appropriate security measures were put in place. If that would not amount to negligence, maybe that would amount to possible administrative fines. The fine would reach up to P5 million,” Michael Santos, NPC’s chief of complaints and investigation division, told ABS-CBN News Channel.

Since PhilHealth cannot ascertain the degree of the data breach, Samaniego advises the public to be wary of possible online attacks and scamming.

“We should watch the emails that arrive for us. Because we will become targets of phishing attacks. We should already warn our family members not to believe right away when someone calls saying I had an accident, and the details are complete. Because cybercriminals can do that,” Samaniego stressed.
