DICT: Hacked PhilHealth data spreading on app contains malware
Cybercrime/hacking. STOCK IMAGE/INQUIRER FILES
MANILA, Philippines — The Department of Information and Communications Technology (DICT) is warning the public against accessing leaked data of the Philippine Health Insurance Corp. (PhilHealth) as it contains malicious software (malware).
DICT Secretary Ivan John Uy confirmed Tuesday that hackers used the messaging platform Telegram to spread the digitally stolen information from the system of PhilHealth to allow hackers to stay anonymous and difficult to trace.
Uy said data with malware may put gadgets, apps, and other information at risk. A malware is an intrusive software used by cybercriminals to steal data or damage computer systems.
“Ang abiso ko po sa public ay ‘wag pong mag-access at ‘wag pong i-download ‘yung mga files na ‘yan dahil may na-diskubre po kami na mayroong backdoor at mayroong malware po ‘yung mga files na ‘yan,” Uy said in an interview with Radyo 630.
(My notice to the public is that do not access and do not download those files because we have discovered that there is a backdoor and that those files contain malware.)
READ: PhilHealth data breach largest since ‘Comeleak’
“So kung may mga tao na mag-download noon dahil curious sila at gustong malaman kung anong nandidiyan, ay mapapasukan po ‘yung sistema nila. May virus po na naka-karga sa mga files na ‘yan,” he also explained.
(So if there are people who download because they are curious and want to know what is there, their system will be breached. There is a virus loaded in those files.)
Uy refused to give further details on how hackers sent the malware-loaded messages in an effort to keep the public away from harm: “Pinost nila sa Telegram, pero mas mabuti po siguro ‘wag na nating ituro at hahanapin nila [public] ‘yon.”
(They posted it on Telegram, but maybe it’s better not to point it out because they [public] will search for it.)
READ: PhilHealth pressed more to explain data theft, leakage
The DICT chief said that so far, they have not received any report regarding illegal usage of PhilHealth’s hacked data.
Uy further pointed out that the DICT has no means to take down tainted links, explaining: “In-app po kasi ‘yon. Ang mangyayari po diyan, magre-request tayo sa Telegram na sila ang mag-take down noon,” Uy noted.
(That’s because it’s in-app. What will happen there, we will make a request to Telegram that they should take it down.)
READ: PhilHealth blames hack on new procurement rules
He likewise reminded the public to ignore suspicious emails and texts because they might be phishing attempts.PhilHealth shut down its website and online services on September 22 in response to a ransomware attack on its system. Clandestine group Medusa admitted hacking into PhilHealth computers and held the information it stole for a $300,000 (about P17 million) ransom.
READ: Leaked PhilHealth data ‘staggering,’ says NPC
The DICT said PhilHealth’s website remains partially operational because the state insurer still needs to plug some vulnerabilities in the system to avoid another hacking incident.
