Advertisement PDAX Banner

Ransomware Hackers Demand $300k, Philhealth: No Data Leak

Photo for the Article - Ransomware Hackers Demand $300k, Philhealth: No Data Leak
  • PhilHealth reassures its members that their data remains secure despite a cyberattack and confirms that no personal or medical information has been compromised.
  • The DICT reports that cyberhackers responsible for the Medusa Ransomware attack have demanded $300,000 in exchange for the decryption key to the encrypted data. 
  • The Medusa Ransomware attack on PhilHealth’s website occurred on September 22, 2023. Medusa is a malicious software known for encrypting files and demanding ransoms.

The Philippine Health Insurance Corporation (PhilHealth) has assured its members that their data are safe and that they can still access benefits from its accredited healthcare facilities, despite being under a cyberattack. However, the Department of Information and Communications Technology (DICT) has reported that the cyberhackers have demanded $300,000 or approximately ₱16 million in exchange for the decryption key to the data they have encrypted.

PhilHealth Assures Data are Safe

In a September 23 statement, PhilHealth President and Chief Executive Officer Emmanuel Ledesma Jr. assures that no personal or medical information has been compromised. 

He also disclosed that the firm is currently implementing containment measures in response to the attack. The firm temporarily disabled access to all systems, including their website, HCI, Member Portal, and e-Claims. 

“We are currently investigating the matter together with concerned government agencies which include the Department of Information and Communications Technology to assess its extent,” he noted. 

Moreover, the statement noted that members can still access National Health Insurance Program benefits using alternative documents, and premium contributions can be paid directly to accredited agents.

Advertisement PDAX Banner

In addition, healthcare facilities are advised to continue deducting PhilHealth benefits and make temporary arrangements for patient benefit access.

“We appeal for the public’s understanding regarding the matter. Rest assured that we will get to the bottom of this and will institute stronger systems to prevent this from happening again in the future. We will release updates on the developments of the investigation and once the affected systems are up again,” Ledesma concluded.

PhilHealth stated that it aims to restore its systems by Monday, September 25, 2023; however, there is still no news regarding this as of writing.

DICT: Medusa Ransomware Demands $300K

According to the Philippine Star, DICT Undersecretary Jeffrey Ian Dy stated that the hackers behind the Medusa Ransomware, one of the latest ransomware variants, demanded a ransom in exchange for deleting the data they had stolen and providing the department with the decryption key.

Subsequently, Dy stated that the stolen data were posted on the dark web.

“Observed recently since June 2021, the Medusa ransomware is distributed by exploiting publicly exposed Remote Desktop Protocol servers either through brute force attacks, phishing campaigns or by exploiting existing vulnerabilities,” Dy said in an advisory.

Accordingly, the DICT urges government agencies and the public to follow specific measures for prevention; including regular monitoring of system vulnerabilities, data backups, installation of security systems, network segmentation, avoidance of pirated software, scrutiny of suspicious emails, updating policies for remote work, software updates, account lockout policies, data backup strategies, and educating IT and cybersecurity personnel on incident response procedures.

What Happened?

On September 22, 2023, PhilHealth’s website was hit by a Medusa ransomware as confirmed by DICT Undersecretary Dy to the Manila Bulletin. According to the department, they have been aware of the attack as early as 9 am.

Medusa is a malicious software variant known for encrypting and locking victims’ files, subsequently demanding a ransom in return for the decryption key. It operates under the Ransomware as a Service (RaaS) model, wherein affiliates can customize their ransom notes and file extensions for added flexibility and customization.

Another hacking incident concerning a government agency happened in April, when the verified X (Twitter) account of the Department of Health (DOH) of the Philippines was briefly hacked, and used to promote a fake Uniswap airdrop.

This article is published on BitPinas: Ransomware Hackers Demand $300k, PhilHealth: No Data Leak

Disclaimer:

  • Before investing in any cryptocurrency, it is essential that you carry out your own due diligence and seek appropriate professional advice about your specific position before making any financial decisions.
  • BitPinas provides content for informational purposes only and does not constitute investment advice. Your actions are solely your own responsibility. This website is not responsible for any losses you may incur, nor will it claim attribution for your gains.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.