PhilHealth admits CyberAttack, shuts down online services

PhilHealth, the nation’s primary health insurance provider, has fallen victim to a significant cyberattack.

On September 22, 2023, unidentified hackers deployed the Medusa Ransomware on PhilHealth’s systems, compromising specific data sets.

Although the central database remained unaffected by the attack, several servers and local workstations have had their data integrity compromised. The incident didn’t go unnoticed, and PhilHealth promptly reported the breach to multiple agencies, including the Department of Information and Communications Technology (DICT), the National Privacy Commission (NPC), the Philippine National Police (PNP) Cybercrime Division, Cybercrime Investigation and Coordinating Center (CICC), and the National Bureau of Investigation (NBI).

This collective action aims to swiftly rectify the situation and apprehend those responsible.

In response to the breach, the organization’s IT department took immediate steps, including disconnecting from the network to prevent further damage. Employees across PhilHealth’s head and regional offices have been instructed to bolster security protocols to fend off potential secondary attacks.

PhilHealth, recognizing its responsibility in safeguarding its member’s personal information, has been diligently working to decipher the extent of the breach and protect all compromised data.

As of now, the exact number of affected records remains unclear. However, the compromised data may include names, addresses, phone numbers, dates of birth, and PhilHealth Identification Numbers.

While the organization is proactively reaching out to those affected, those who haven’t received a notification are possibly safe.

Nevertheless, PhilHealth advises all members to exercise caution by monitoring credit reports for suspicious activities, setting fraud alerts on their credit reports, changing passwords for online accounts, especially those tied to financial assets, and staying alert to phishing emails and smishing texts.

Expressing their regret, PhilHealth said, “We sincerely apologize for any inconvenience this incident may have caused”. The organization further committed to fortifying its security infrastructure to prevent future breaches.

As a testament to their commitment to its members, PhilHealth confirmed the security and integrity of its primary databases. Furthermore, they assured members that this cyber incident will not disrupt their benefit entitlements. The organization has set up alternative arrangements to ensure members can seamlessly access their PhilHealth benefits across the nation, even as certain systems remain offline.

For those seeking further information or with queries about the incident, PhilHealth has set up an email communication channel.

Concerned individuals can contact the Data Protection Officer directly via [email protected] or [email protected].