House probe sought on PhilHealth malware attack

Philippine Tribune
Philippine Tribune

A congressional investigation on the cyberattack on state-run Philippine Health Insurance Corp. (PhilHealth) that resulted in the leak of personal records of PhilHealth members has been proposed in the House of Representatives.

House Deputy Minority Leader France Castro, House Assistant Minority Leader Arlene Brosas, and Kabataan party-list Representative Raoul Manuel made the call through House Resolution 1350.

“PhilHealth released a statement on October 2, 2023 admitting that personal information of its members was compromised. The harvesting and public release of such sensitive personal information certainly endanger the security of affected PhilHealth employees and members, as such unique information could be used to stage a number of crimes such as scams, identity theft, phishing, among others,” the lawmakers said.

According to the lawmakers, PhilHealth “must be compelled to fully explain the extent of the data breach and to put in place stronger security measures following the ransomware attack.”

“The House of Representatives must request concerned agencies to provide a public briefing on the ransomware attack, and on the findings of their respective investigation over the incident,” they added.

The National Privacy Commission (NPC) earlier said that PhilHealth notified them of such ransomware attack on September 25, 2023 and has already asked the state health insurance firm to explain the extent of the cyber attack and data breach.

PhilHealth has over 54 million direct and indirect contributors and has 1,889 accredited hospitals in the country, with a total premium collection of P171 billion from its contributors in 2021 alone.

“Now therefore be it resolved that the House Committee on Information and Communications Technology conduct an investigation, in aid of legislation, on the Medusa ransomware cyber attack on PhilHealth and on the  leak of personal records of PhilHealth employees and members,” the lawmakers said in their resolution.

The Medusa Ransomware Group, which is said to be behind the cyber attack, has demanded a $300,000 ransom for the stolen data and gave PhilHealth 10 days to comply.

While PhilHealth initially said that there was no breach of its members’ data, it later said that it believes that several types of data were compromised, including name, address, date of birth, sex, phone number and PhilHealth Identification Number.

Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy confirmed that hackers already began publishing leaked PhilHealth data on the dark web such as employees’ payroll and other details such as their regional offices, memos, directives, working files, and hospital bills.

Dy also said the hackers will likely attack the individuals whose data were compromised because they are more prone to extortion.

Dy said their analysis showed that there were no remnants of the Medusa malware in the PhilHealth members’ database. —Llanesca T. Panti/KBK, GMA Integrated News

Leave a comment