Default Thumbnail

Philhealth data hacked : Time to crack the whip

October 7, 2023 Dr. Tony Leachon 892 views

Dr. Tony LeachonAFTER the Medusa ransomware infected the systems of state health insurer Philippine Health Insurance Corp. (PhilHealth) on Sept. 22, cyberhackers have demanded $300,000 or approximately P16 million, according to the Department of Information and Communications Technology (DICT).

DICT Undersecretary Jeffrey Ian Dy said that they have already made a demand for $300,000 for them to do two things: One is to delete the data that they captured, and two, is so they would give the key so we can decrypt the data that they encrypted.

The stolen data from PhilHealth has been posted on the dark web.

In the 2021 comprehensive recommendation to Philhealth it was clear that the IT system should be upgraded. As of 2022, PhilHealth maintains a network of 59.03 million members made up of 35.31 million direct contributors and 23.72 million indirect contributors. Preliminary investigation from the NPC showed that the ransomware attack exposed the IDs and photos of some PhilHealth members. PhilHealth admitted as well that the data breach has leaked the mobile numbers of affected contributors.

Philhealth did not follow the recommendations of a 2021 great study to upgrade the information and technology system.

They turn a blind eye to this finding.

What a mess !

Earlier, PhilHealth admitted that it has yet to determine the number of records taken by Medusa, but expressed belief that sensitive information were included in the ransomware attack. These data include name, address, birthday, sex, mobile number and identification number. PhilHealth has committed to notify members whose personal information was deemed compromised. The state-run insurer also asked contributors to take precautions right away, including monitoring their credit reports for unauthorized activities. PhilHealth also said members should place a fraud alert on their credit reports. Contributors are also advised to change their passwords in all digital accounts, particularly in financial platforms, and keep an eye on phishing emails and smishing texts.

Deep Web Konek, a group dedicated to publishing activities in the dark web, shared a screenshot showing large packets of files containing alleged information on PhilHealth members. Another report indicated that PhilHealth files in online marketplaces contain documents compressed in 160 folders. In total, these files amount to 600 GB of data.

As such, the group warned that PhilHealth members should be vigilant in the coming days. Data uploaded on the dark web are usually exploited by criminal groups involved in digital fraud ranging from messaging scams to identity theft.

Filipinos should brace for a barrage of online scams in the coming days after hackers who stole data from state-run PhilHealth have leaked members’ information to online – and possibly criminal – groups.

Reports coming from dark web informants showed that documents stolen from PhilHealth were publicized in online marketplaces like Telegram starting Thursday, Oct. 5.

Nearly all our problems are the result of neglect in some way or other. And this truth may be said to apply to the problems of leaders as well. Negligence is at the bottom of all decay. And decay always starts by showing little signs-or warnings.

Explanation at Senate budget hearing sought

The state health insurer “did not subscribe to anti-virus and security software since May, that’s why they were hacked,” Sen. Grace Poe said. “I don’t think it is really an excuse for any government agency not to have security in their databases.”

While the Senate has not yet initiated an investigation on the hacking of PhilHealth, officials of the state-run insurer should be made to explain the cyber security breach when they defend before lawmakers their proposed budget for 2024, Sen. Grace Poe said on Thursday.

This deserves a Senate and a congressional hearing so we can prevent future cyber attacks not only for @DOHgovph / PHIC but whole of government.

Although Congress is on recess, several Senate subcommittees continue to conduct hearings on the 2024 proposed budgets of various government agencies. “Even if it is not investigated (by the Senate), I think it is necessary that we ask the hacking incident during the budget hearing,” Sen. Poe said during the “Kapihan sa Manila Bay” forum on Wednesday, Oct 4.

Sen. Grace Poe cited reports that the hackers may have taken advantage of the expiration of PhilHealth’s anti-virus security software last May to carry out their plan.

“They did not subscribe to anti-virus and security software since May, that’s why they were hacked. I don’t think it is really an excuse for any government agency not to have security in their databases,” she said.

Poe said that even if PhilHealth did not have enough budget for a cyber security software, its officials should have used their revolving funds, or emergency procurement, which is allowed under the law. She said that unlike in the past, hiring of IT experts has now become necessary.

“One of the bills that I filed is that as part of the E-government Act with the digitalization of government agencies into one portal, all important agencies, government and critical establishments of private sector like media, telcos, etc. should have cyber security employees on duty all the time to thwart or address cyber attacks.”

Poe said agencies should have IT experts handling cyber security plan to ensure at least minimum IT compliance with cyber security regulations.

“Why was it (cyber security subscription) not prioritized? They let it lapse and didn’t pay the subscription. I am sure they have an IT manager there. They should be summoned, their database was not affected, but other information were stolen,” Poe said.

Sen Bong Go ‘s statement

Sen. Bong Go, for his part, has reiterated his call for PhilHealth as well as other government agencies to bolster their cybersecurity defenses.

Go said the protection of data and the continuity of services, especially for the underprivileged, should be of utmost priority.

“First of all, we should not be complacent. Every detail of information is important and every second of delay in services can spell big problem for our countrymen in need,” Go said.

Go, chairman of the committee on health, urged PhilHealth to take immediate and stringent measures.

“We should have preventive measures so this kind of incident won’t be repeated. We must strengthen our cybersecurity,” he said.

The senator also stressed the importance of ensuring that PhilHealth’s services remain uninterrupted, especially for the poor.

“It’s not only PhilHealth that’s in danger here, but its members as well,” he said. He explained any investigation would need much input from the DICT and the National Privacy Commission (NPC).

Then is the time to show action and to be alert. There is nothing quite so easy as to neglect, and nothing quite so difficult as to repair that negligence. Negligence always carries a high price. It costs nothing to avoid it! Again , nobody cares about the huge breach of our Philhealth data base. UHC is at risk.

It has jeopardized the whole national insurance system.

We will be perpetuating an error. It’s a leadership problem.

Time to crack the whip and discipline the Philhealth leaders

The National Privacy Commission (NPC) said it is looking into the liability of PhilHealth in the data breach.

“As for PhilHealth’s liability, we are currently assessing whether negligence was involved on its part before making any definitive statements, but in addition to negligence we are also looking if there is concealment and possible imposition of administrative fines,” the NPC said.

‘Hold PhilHealth accountable’

Meanwhile, information and communications technology professionals have urged the government to hold the PhilHealth accountable for the cyber attack on its system. The Computer Professionals’ Union (CPU) said the recent statements of PhilHealth and DICT highlighted the government’s lack of initiative to protect and secure sensitive and personal information.

“The fact that PhilHealth and the DICT initially downplayed the severity of the Medusa ransomware breach on its systems, especially its impacts on the people, speaks volumes about how the government treats people’s personally-identifiable information,” the group said in a statement.

“Now PhilHealth is stating that ‘only’ employees’ personal information have been affected, although it admitted that it is possible that the breached computers could also have information on PhilHealth’s members, which as of 2021 numbering 94 million or more than 80 percent of the country’s population,” the group said.

PhilHealth officials initially downplayed the breach by saying its main servers were secure after the attack. One report also quoted an official as saying that the threat to release stolen information was only a bluff.The DICT later confirmed that some information, primarily those on employees, were compromised in the incident. PhilHealth issued a public advisory hours before the deadline set by the hackers expired.

This critical data privacy issue demands immediate and transparent action from all parties involved. No urgent public notices can replace comprehensive and agile action.

The statement from PhilHealth is insufficient and reckless. It leaves the public in the dark about the full extent of the breach and fails to outline a clear action plan for resolving the issue. Attributing the failure to renew antivirus software to new government procurement rules is not just an excuse; it’s a dereliction of duty. It is unacceptable.

The PhilHealth breach raises serious questions about the security of other government databases. If a database as extensive as PhilHealth’s can be compromised, it casts doubt on the security measures in place for other government systems.

Failure of leadership happens when an organization’s management has problems instructing team members and coordinating their efforts with sense of urgency . This can cause huge project delays, decreased employee and customer morale, miscommunication and inconsistent quality of work. This has huge ramifications in the future.

This is the 🇵🇭 entire healthcare system.

Accountability is key.

“Leaders inspire accountability through their ability to accept responsibility before they place blame.”― Courtney Lynch


Anthony C. Leachon, M. D.

Independent Health Reform Advocate

Past President ,
Philippine College of Physicians

Department of Internal Medicine
Manila Doctors Hospital