Hackers attack PhilHealth’s website, systems
MANILA, Philippines — Computer hackers attacked the website and online application of the Philippine Health Insurance Corp. (PhilHealth) on Friday, taking down the systems and blocking access for more than 24 hours.
In a statement on Saturday, PhilHealth said it has started containment measures as well as an investigation of the “information security incident,” together with the Department of Information and Communications Technology and other concerned government agencies “to assess its extent.”
“While investigation is being undertaken, affected systems shall be temporarily shut down to secure our application systems,” PhilHealth president and CEO Emmanuel Ledesma said.
The head of the state insurer appealed for understanding and assured that “we will get to the bottom of this and will institute stronger systems to prevent this from happening again.”
The Inquirer reached out to multiple officials and staff of PhilHealth to confirm whether the incident was a Medusa ransomware attack, but they have yet to reply.
A ransomware is a cyberattack that holds one entity’s data or system hostage until a ransom is paid.
In a February 2023 report by the US Department of Health and Human Services, MedusaLocker, a ransomware variant, was able to “infect and encrypt systems, primarily targeting the health-care sector, after it was first detected in September 2019.
MedusaLocker, deemed as “lesser known but potent,” leveraged the disorder and confusion during the COVID-19 pandemic to launch attacks, the report said.
According to a cybersecurity company last week, a firm usually spends about P55 million or about $1 million to resolve a single data breach and pay off ransom to regain system access.