The Department of Information and Communications Technology (DICT) confirmed that a ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) last month has compromised the personal data of millions of Filipinos.
According to the DICT, the cyberattack occurred on September 22, 2023, when hackers infiltrated PhilHealth’s network and encrypted its files, demanding a ransom for their release. The DICT’s Cybersecurity Bureau responded to the incident and implemented security measures to contain the breach and restore PhilHealth’s systems.
However, hackers were able to access and exfiltrate some of PhilHealth’s databases, which contained sensitive information of its members, such as names, addresses, contact numbers, email addresses, birth dates, and health records.
The exact number of Filipinos affected by the data breach is still unknown, but Information and Communications Technology Secretary Ivan John Uy confirmed that it was a “significant amount” in the millions. The DICT is still investigating the extent and impact of the breach, as well as the identity and motive of the attackers. The agency is working closely with PhilHealth to restore its services and prevent similar incidents in the future.
For now, PhilHealth members are advised to monitor their accounts and report any suspicious or fraudulent activities. It is also recommended that they change their passwords and use strong and unique ones for different online platforms.
Members should also remain vigilant against online scams that may use the stolen information to trick or extort money from them. Remember to verify the source and authenticity of any online communication before responding or clicking on any links.
Should you become receive any suspicious or malicious emails or messages, you should report it to DICT’s hotline at 1326.