IT’S only a matter of time before Medusa Ransomware releases the data it obtained from the Philippine Health Insurance Corporation (PhilHealth).
The hackers are demanding $300,000 or approximately P17-M in exchange for the obtained data.
But PhilHealth once again stood firm that the government will not pay.
The state insurer added that it is not worried about such threats because it is possible that the hackers will release only fabricated data.
The membership records are intact. So, if it’s going to be fabricated records or unreal or untrue, hopefully, the public can determine what’s right and what’s not. What’s true and what is not true.
Several PhilHealth online services are back in operation including their website, member portal, and e-claims.
While the data recovery of other systems such as the HCI portal and application servers continues.
PhilHealth’s anti-virus protection not updated
PhilHealth admitted that the reason hackers were able to breach into the system was because they had yet to update their anti-virus protection.
‘‘We have a current anti-virus in general, anti-virus, and anti-cyber security but it is not updated. Probably that’s where the hackers came in through that weakness,’’ according to Atty. Eli Dino Santos Executive Vice President PhilHealth.
PhilHealth explained that their anti-virus protection was not updated because there was a problem with its renewal.
It is said that the government procurement policy board has become strict in procurement rules and regulations.
‘‘We had a gap within this year. We weren’t able to procure the renewal for that [anti-virus] protection. We didn’t procure that protection,’’ Nelson de Vera, Acting Senior Manager PhilHealth—IT and Management Dept., stated.
‘‘We were affected by the recent issuance of the GPPB because we were set to renew this subscription license, this antivirus for another year. However, due to the recent issuance of GPPB procurement and extension and renewal of all regular items, procurement items including this anti-virus shall be at the maximum of three years. That’s why we were caught off guard,’’ Atty. Santos said.
PhilHealth assures no more new cyberattacks will happen in the future
But PhilHealth assured the public that this kind of cyberattack will not happen again.
The state insurer is completing the procurement process of anti-virus protection that they are using regularly.
PhilHealth management has also approved the emergency procurement of an incident response system that will help prevent similar cyberattacks in the future.
‘‘We are doing all we can, doing the best we can to prepare ourselves best,’’ according to Emmanuel Ledesma Jr., President and Chief Executive Officer of PhilHealth.
‘‘We assured the public that we can address whatever attack may happen now and in the future. That’s why our President and CEO approved the emergency procurement of the incident response system services. This will prevent any present attack in the future,’’ Santos said.
