The government on Tuesday said it will not pay the $300,000, or P17 million, ransom demanded by hackers for the stolen database of the Philippine Health Insurance Corp. (PhilHealth).
“According to our initial investigation, there were around 72 workstations that were affected and the systems affected are, of course, our website, our e-claims system, our member portal, and our collection system,” PhilHealth Senior Vice President Israel Francis Pargas said in a Bagong Pilipinas Ngayon briefing.
On Friday, the PhilHealth system was attacked by Medusa ransomware with hackers demanding $300,000 for the stolen data from the agency’s database.
Pargas said there was no leak of personal or medical information of the PhilHealth members.
“Following the government policy, we will not pay at any time if there is a ransom demand,” he said.
Pargas said the agency is coordinating with the Department of Information and Communications Technology, the National Privacy Commission, Philippine National Police and National Bureau of Investigation.
DICT Secretary Ivan John Uy said the agency is investigating the alleged hacking.
“We never pay any ransom at all. The policy of the government is we never give in to blackmail or ransom techniques,” he said in a TeleRadyo Serbisyo interview.
The DICT also issued an advisory to all government agencies and the public on measures to prevent the Medusa ransomware.
The DICT advised government agencies and the public to regularly monitor their organization’s “attack surface”; back up files, systems, processes and other digital assets; implement a security information and event management system; and install anti-malware in all government offices.
DICT also urged government agencies to prohibit the use of pirated software and unlicensed programs in all government offices, especially those downloaded from the internet.
Pargas said the operations of PhilHealth are expected to return to normal by Wednesday.
“We are reconfiguring our system to ensure that it will not happen again. We will also review the access of our employees to our system,” he added.
Pargas said since Friday, the agency has shifted to manual operation. He said the PhilHealth website, as well as 72 workstations, collection systems, member portals, and e-claim systems were affected by the attack.
Earlier, a statement signed by PhilHealth president and chief executive officer Emmanuel Ledesma Jr. assured the public that the attack on its database was kept under control and no personal and medical information had been compromised or leaked.
PhilHealth said it has already coordinated a forensic investigation and assessment with the DICT, the National Privacy Commission (NPC), and the cybercrime units of the National Bureau of Investigation (NBI) and the Philippine National Police (PNP).
Members and their qualified dependents will continue to be entitled to the benefits of the National Health Insurance Program (NHIP) upon submission to accredited healthcare providers of a photocopy of the member’s PhilHealth Identification Card (PIC) or Member Data Record (MDR) or any identified acceptable supporting documents, the agency said.
The NPC, meanwhile, is looking at a reported data breach at PhilHealth that may have compromised personal data of members.
PhilHealth notified NPC for immediate action on the breach, an alleged ransomware attack, on Monday, Sept. 25.
NPC initiated a hearing Tuesday and compelled PhilHealth to attend and recount the events leading to the hacking.
The hearing will be followed by a notice of onsite investigation on Thursday, Sept. 28.
Senator Mark Villar condemned the recent Medusa ransomware cyber attack against PhilHealth and said the attack could compromise private information and the health of the public.
He stressed that the cyber attack against PhilHealth is not just an attack against a government institution, but an attack against every individual member of PhilHealth and their right to secure and accessible medical help.
The senator also said that the more than 24-hour downtime of the PhilHealth system during the attack has endangered the capacity of its members and beneficiaries to seek immediate medical assistance.