Philippine Insurance Corporation Falls Victim to Cyber Attack

The Philippine Corporation of Medical Insurance (Philhealth) has been restored following a recent cyber attack. As a result of the attack, several websites and information portals had to be temporarily shut down. The investigation, with the support of other state structures, began immediately.

Philhealth provides insurance services for 114 million citizens. “While the investigation is underway, the information systems affected will be temporarily disconnected to protect our data and programs,” said Philhealth representatives.

Corporation General Emmanuel Ledesma announced on Monday that access to Philhealth portals will be limited, with only partnerships and the electronic filing system for claims available. Resources were restored by September 25th.

The leadership of Philhealth assures the public that the situation is under control and personal data of patients and personnel have not been compromised.

Currently, key services are not functioning, and participants in the insurance program will need to provide paper copies of documents to receive medical care. Medical institutions are working with patients to arrange preferential payments directly.

Additionally, Philhealth has extended the deadline for filing claims for reimbursement of expenses from June to September of this year by 60 days.

The responsibility for the cyber attack has been claimed by the Medusa group, who demanded a ransom. The criminals specified a payment deadline of 10 days. Failure to meet the deadline will result in an additional payment of $100,000. A payment of $300,000 is required for the deletion of stolen information or access to it.

However, the hackers did not disclose which specific data was compromised or the extent of the breach.

It was previously warned by the Cybersecurity and Infrastructure Security Agency (CISA) that the Medusa group operates using the RAAS (Ransomware as a Service) model. This means that in addition to conducting their own cyber attacks, they rent out their services to other hackers, taking a percentage of the ransom paid.

Preliminary analysis indicates that the hackers gained access to the Philhealth systems in June 2023.

/Reports, release notes, official announcements.