PhilHealth: Cyberattack hits only employees’ database not of members
MANILA, Philippines — Following a ransomware attack, the Philippine Health Insurance Corporation (PhilHealth) on Tuesday clarified that the compromised members’ information were from employees’ workstations and application servers, and not from the members’ database itself.
This came after PhilHealth on Monday announced that user data such as names, addresses, date of birth, sex, phone number, and PhilHealth identification number, among others, have been compromised due to a ransomware attack on Sept. 22.
According to the state insurer on Tuesday, however, the ransomware attack did not actually affect the servers containing members’ private information.
“PhilHealth’s membership database, claims, contribution and accreditation information which are stored in a separate database are intact and completely unaffected by the said cyberattack,” PhilHealth said.
Instead, it was application servers and employees’ workstations which were hit. This means files stored locally in the hard drive of the infected workstations were the ones which may have been compromised.
PhilHealth also said that it is still currently conducting an inventory to determine the extent of information which may have been breached and copied.
It then reiterated that it is already reaching out to the public and the employees whose information may have been compromised, and that it is consistently coordinating with Department of Information and Communications Technology, the National Privacy Commission, Philippine National Police’s Cybercrime Division, Cybercrime Investigation and Coordinating Center and the National Bureau of Investigation in order to identify and go after the perpetrators of this criminal act.