Philippine Health Insurance targeted by ransomware

The Philippine Health Insurance Corporation (PhilHealth), the nation's health insurance program, was targeted by a ransomware attack on September 22, 2023.

Undersecretary for Connectivity, Cybersecurity, and Upskilling at the Department of Information and Communications Technology (DICT), confirmed the incident. The attack was identified as a Medusa ransomware attack, a form of malware that encrypts files and demands a ransom for decryption.

No details are available whether data was exfiltrated, the number of affected individuals nor the data impacted by the breach.

Update - Apparently, the ransomware attack on the system of the Philippine Health Insurance Corp. (PhilHealth) has not affected the servers containing its members’ private information. PhilHealth officials stated on a briefing on 2nd of October 2023 that only application servers and employee’s workstations were affected by the ransomware attack.

DICT assured of ongoing coordination with PhilHealth to evaluate the impact and secure compromised systems, mentioning that the government is in the process of joining the Counter Ransomware Initiative (CRI) alongside the US, Australia, and other countries. The CRI, initiated in October 2021, aims to enhance international cooperation in ransomware prevention, detection, response, and recovery.