PhilHealth: Cyberattack under control, no data leak
Despite being under cyberattack since Friday, the Philippine Health Insurance Corp. (PhilHealth) assured its members, estimated to number more than 104 million Filipinos, that they can still avail of benefits from accredited health-care facilities.
The state health insurer said it has taken temporary measures in order not to disrupt services, as it promised to resolve the breach to its computer systems by Monday.
PhilHealth said since the breach was detected early Friday, it has disabled or unplugged access to all its systems—including the website, the portals or online links of health-care institutions and members, and e-claims, as part of “information security containment measures.”
“We are working to restore these systems on Monday, Sept. 25,” PhilHealth president and chief executive officer Emmanuel Ledesma Jr. said in a statement late Saturday.
“The incident is under control and no personal information and medical information has been compromised or leaked,” he stressed.
Mum on ransom demand
He did not comment on reports that the incident was a ransomware attack by a black-hat group, called Medusa, and that the group demanded $300,000 for the decryption key that would allow the health agency to repossess the personal data of its members.
PhilHealth said in the meantime, members and dependents may avail of benefits by submitting to accredited health-care providers a photocopy of their PhilHealth identification card or member data record or other “acceptable” supporting documents.
The state insurer told health-care facilities to “continue deducting PhilHealth benefits and devise temporary arrangements” with patients who are for discharge.
It advised employers to submit their reports once the electronic premium remittance system has been restored.