PhilHealth data gets published on the dark web following cyberattack

PhilHealth data gets published on the dark web following cyberattack

PhilHealth data gets published on the dark web following cyberattack | Insurance Business Asia

Life & Health

PhilHealth data gets published on the dark web following cyberattack

Information on employees, IDs, memos, directives, and others were leaked

Life & Health

By
Kenneth Araullo

Data hacked from the Philippine Health Insurance Corporation (PhilHealth), including employee details, have begun surfacing on the dark web after hackers’ ransom demands were unmet by the government.

Preliminary analysis revealed that among the published information were PhilHealth employees’ identification cards, including Government Service Insurance System (GSIS) IDs.

Department of Information and Communications Technology undersecretary Jeffrey Dy said that they observed copies of employees’ payroll and other details like regional offices, memos, directives, working files, and hospital bills on the dark web.

“In terms of PII (personal identifiable information), we saw some IDs, pictures, which we cannot ascertain at the moment if they are Philhealth employees, or members,” Dy said in a report from CNN.

He indicated that these seem to be “teasers” from hackers who may still be waiting for the government to comply with their ransom demand. Earlier, the DICT reported that cybercriminals had demanded US$300,000 (approximately PHP17 million) in exchange for decryption keys and not disclosing the illegally obtained data. In response, the government has reiterated its policy of not paying any ransom to hackers.

Both the DICT and PhilHealth asserted that the members’ database, containing private information, claims, contributions, and accreditation details, remains intact as it was not part of the servers impacted by the Medusa ransomware attack.

See also  AIG reveals three leadership appointments

However, this does not guarantee that hackers did not access members’ information. Authorities clarified that this is because the same details in the database may have been available on the other servers affected by the hacking.

“It seems the Philhealth workstations and some other servers such as training servers affected by Medusa may have contained this information,” Dy said.

PhilHealth mentioned it is still ascertaining whether the data acquired by hackers include personal details of its members.

What are your thoughts on this story? Please feel free to share your comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!