The website and members portal of the Philippine Health Insurance Corporation (PhilHealth) were restored following the hacking of its database due to the Medusa ransomware attack on September 22.
Medusa ransomware
The ransomware infected 72 workstations and affected the state insurer's e-claims system, member portal system, and collection system. PhilHealth gave assurances that the personal and medical data of its members were not compromised.
It maintained that the government will not pay Medusa’s alleged ransom demand of USD300,000, or PHP17 million, in exchange for stolen data from its website. PhilHealth senior vice president for Health Finance Policy Dr. Israel Francis Pargas reiterated the “government’s policy of not paying the alleged ransom to criminals.”
The state insurer has been on manual operations since September 22 and will remain so until all its systems are restored. It assured members that their benefits will not be hampered by the incident and that interim arrangements will be set so members can avail of them anytime and anywhere. PhilHealth immediately released public advisories and instructions for hospital benefit claims and premium payments over the counter.
Restoration
The Department of Information and Communications Technology (DICT) has restored PhilHealth systems affected by ransomware attacks. It is continually investigating and monitoring acquired logs from PhilHealth’s affected systems to ensure cybersecurity.
The state insurer welcomes calls for inquiry and shall impose disciplinary actions on those found to have been remiss in the performance of their duties.
PhilHealth added that it “sincerely asks for the public’s understanding and support during this time and implores certain groups and sectors to refrain from concocting false and misleading information to avoid creating panic and distrust among our members and stakeholders.”
Recommended measures
In a memorandum following the attack, DICT advised all government agencies to employ recommended protection and security actions when compromised by ransomware.
The list includes backing up files, systems, and processes; prohibiting the use of pirated software; updating installed programs; and educating IT personnel on cybersecurity procedures.