Hackers have demanded $300,000 from the Philippine government after using the Medusa ransomware to compromise the database of state health insurer Philippine Health Insurance Corporation (PhilHealth).
The Department of Information and Communications Technology (DICT) confirmed the ransom demand on September 25, 2023, saying that the hackers have threatened to release the stolen data if the ransom is not paid.
The PhilHealth database contains sensitive personal information of millions of Filipinos, including their names, addresses, contact numbers, and medical records. If released, this data could be used by hackers for identity theft, fraud, and other malicious purposes.
The DICT said that it is working with PhilHealth and its outsourced cybersecurity vendors to complete the “clean up” of the system and to restore PhilHealth’s online services. However, it is unclear how long this will take.
In the meantime, PhilHealth has advised its members to be vigilant against any suspicious activity, such as phishing emails or phone calls.
The PhilHealth hack is a reminder of the growing threat of ransomware attacks. Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for the decryption key. Ransomware attacks have become increasingly common in recent years, and they have targeted both businesses and government agencies.
Paying the ransom does not guarantee that the hackers will keep their promises. In many cases, hackers simply disappear with the ransom money, leaving the victim with their files still encrypted.
The best way to protect against ransomware attacks is to have strong cybersecurity measures in place. These include keeping a good backup of your data, using strong passwords, and keeping your software up to date.
What should PhilHealth do?
PhilHealth should not pay the ransom. Paying the ransom only encourages hackers to continue their attacks and makes other organizations more vulnerable.
Instead, PhilHealth should focus on restoring its systems and protecting its members’ data. This includes:
- Working with cybersecurity experts to investigate the attack and identify the vulnerabilities that were exploited.
- Taking steps to patch the vulnerabilities and improve PhilHealth’s cybersecurity posture.
- Restoring PhilHealth’s systems from backup and notifying members of any data that may have been compromised.
- Providing members with guidance on how to protect themselves from identity theft and other forms of fraud.
What can PhilHealth members do?
PhilHealth members should be vigilant against any suspicious activity, such as phishing emails or phone calls. They should also take steps to protect their personal information, such as:
- Using strong passwords and changing them regularly.
- Being careful about what information they share online.
- Being wary of clicking on links in emails or text messages from unknown senders.
- Monitoring their credit reports and bank statements for any unusual activity.
If PhilHealth members believe that their personal information may have been compromised, they should contact PhilHealth immediately.