Philhealth members at a branch office. (FILE PHOTO)
MANILA, Philippines — The Philippine Health Insurance Corp. (PhilHealth) on Saturday advised the public to be wary of dubious text messages and emails as leaked personal data from a recent cyberattack may have already been used for phishing.
Phishing is a fraudulent scheme used to dupe victims into sharing their sensitive information, especially bank records, via links embedded in email and text messages or through spyware.
In a statement, PhilHealth president and CEO Emmanuel Ledesma Jr. warned members to be vigilant against those who offer their services to be able to register and avail of a PhilHealth ID or secure member data record (MDR).
“We don’t ask for fees for your [PhilHealth] ID and MDR … and we have no authorized agents for getting these. This is risky because it compromises your personal details,” Ledesma said.
He added, “It is best to ignore suspicious calls, and to delete text or emails from unknown and suspicious senders to avoid being victimized by scammers.”
Earlier this year, it can be recalled that phishing was blamed for the GCash fiasco that involved unauthorized deductions in customers’ accounts.
Ledesma also reminded members to access only the official PhilHealth website with the “gov.ph” domain — and not the “.com” or “.net.”
All Filipinos, whether registered in the state insurer’s system or not, are entitled to avail of the benefit packages as stipulated in the Universal Health Care Act. Members who need to avail of free primary healthcare services at any accredited “Konsulta” providers may register in the member portal on the PhilHealth website.
An acronym for Konsultasyong Sulit Tama, or reasonably priced and accurate consultation, Konsulta is PhilHealth’s primary healthcare program that makes consultation, laboratory tests, and medicines available to its members.
On Friday, the National Privacy Commission (NPC) launched an online portal — philhealthleak.privacy.gov.ph — where members can verify whether their records were among those compromised in the data leak purportedly carried out by the Medusa ransomware group.
Results of an initial probe by the NPC found that a “staggering” amount of data equivalent to more than 730 gigabytes had been stolen from the state insurer.
The ransomware reportedly affected the state insurer’s e-claims system, member portal system, and collection system.