BY GERARD NAVAL and WENDELL VIGILIA
DATA of some 13 million to 20 million members of the Philippine Health Insurance Corporation (PhilHealth) had likely been compromised during the cyberattack suffered by the state insurer late last month.
Meanwhile, the House of Representatives’ website, which was defaced by hackers last Sunday, was restored yesterday afternoon. The website was initially restored last Monday, 24 hours after the hacking incident but the House had to voluntarily take it down last Tuesday as IT in-house experts “detected suspicious and unusual activities that necessitate further scrutiny,” Nerissa Santiago, PhilHealth senior vice president and Data Privacy Officer said.
Santiago, said initial data analysis indicate at least 13 million members may have had their data leaked by the hackers.
“It is really in the millions. Initially, we can surmise that it covers about 13 million data. We are just completing analysis for us to have the complete information,” she said in a press conference.
“For members, we are expecting some 13 to 20 million names. But we cannot say the exact number yet. Initially, that’s what we are looking at,” she added.
Santiago also said close to a thousand PhilHealth employee data have also been leaked.
“For employees within the home office, we are looking at around 600 to 800 individuals,” she said adding the employees have been informed.
She reiterated PhilHealth’s call for the public to take measures to secure their information, especially those online, including changing passwords and disregarding suspicious calls, emails, and text messages.
PhilHealth president and chief executive officer Emmanuel Ledesma Jr. said the agency is taking measures to prevent another cyberattack.
“Just in case we have to issue new PINs or start all over again, for the protection of the members, we will do it even if it is very tedious. We will take care of everything,” he said.
PhilHealth’s system was hit by a Medusa ransomware attack on September 22, with the perpetrators eventually posting stolen data on the dark web.
The Department of Information and Communications Technology) later said the PhilHealth data breach may be in the “millions.”
At the House, the Office of Speaker Martin Romualdez said the chamber’s IT team was able to fully restore the website at around 4:30 p.m.
Hackers, who called themselves “3MUSKETEERZ” defaced the website before noon on Sunday with a “YOU’VE BEEN HACKED” and troll face comic meme posted on the left side of the landing page, www.congress.gov.ph. It was fully restored last Monday, more than 24 hours after the attack.