PhilHealth: More systems back online

- Advertisement -

THE Philippine Health Insurance Corporation (PhilHealth) said it continues to work for the return to normalcy of its online application systems.

As of Tuesday night, it said, three more of its systems have been brought back online. These are the Health Care Institution (HCI) Portal, Electronic Premium Remittance System (EPRS), and electronic PhilHealth Acknowledgment Receipt (ePAR).

The HCI Portal is the system that enables health facilities to easily establish a member’s or their dependent’s eligibility to avail of the benefits.

- Advertisement -spot_img

EPRS, meanwhile, is used by employers in the government and private sector to remit and report premium contributions of their employees together with their counterpart/share online.

The ePAR is the system being used by PhilHealth and its accredited collecting agents for online transactions, which replaces the manual issuance of official receipts.

Last week, PhilHealth was able to bring back online its website, Member Portal, and eClaims.

PhilHealth immediately shut down its entire system and disconnected its network after detecting the Medusa ransomware attack on September 22. The attackers are reportedly demanding a $300,000 ransom, which PhilHealth said it would not pay.

PhilHealth, in a statement Tuesday night, said its main servers containing members’ private information were not affected by the hacking of its database.

This comes after the state insurer said the “number of data subjects or records involved (in the hacking) is still undetermined.”

In a statement released on Monday night, PhilHealth said information of its members have been compromised during the Medusa Ransomware cyberattack on September 22.

“At this time, we believe the following types of data, among others, were compromised: name, address, date of birth, sex, phone number, and PhilHealth identification number,” said PhilHealth.

In the Tuesday statement, PhilHealth said the compromised member information are those in the employees’ workstations that were hit by the hacking.

“The ransomware attack did not affect our servers containing members’ private information. PhilHealth’s membership database, claims, contribution, and accreditation information, which are stored in a separate database, are intact and completely unaffected by the said cyberattack,” it said.

“Only the application servers and employees’ workstations have been affected by the said cyberattack. Hence, files stored locally in the hard drive of the infected workstations may have been compromised,” it added.

The state-run health insurer said the actual extent of the affected membership data remains unknown.

“An inventory is being conducted in order to determine the extent of information, which may have been exfiltrated from these workstations,” said PhilHealth.

It also said it has started reaching out to individuals whose information have been compromised, as required by the National Privacy Commission (NPC).

Secretary Ivan Uy of the Department of Information and Communication Technology (DICT) said some personal information, including PhilHealth IDs, have been released on the dark web.

But whether the information are of PhilHealth employees or members could not be ascertained.

Uy said DICT has seen payroll data in the dark web and surmised these are of PhilHealth employees.

- Advertisement -spot_img

Uy also said unfortunately, information released to the public can no longer be retrieved.

“It’s out on the public, you cannot get it back,” Uy said.

Uy said NPC, which implements the Data Privacy Law, is looking into the matter “to ascertain if there is some liability on the part of the entity that holds your data,” referring to PhilHealth, when asked if the agency can be held liable.

“It’s a complicated matter. We have to prove there was gross negligence. If the agency concerned exercised due diligence yet their data had been hacked, there are mitigating circumstances,” he said.

Uy also said personal data containing sensitive information and made public can be used by unscrupulous individuals for identity theft or identity fraud. “They can apply for a credit, open a bank account or register SIM cards and use the (information) for illegal means.”

Uy also warned that spreading of fake news would be the next strategy of those responsible for the attack.

“That is the strategy of ransomware… they are following textbook procedures in terms of ransomware. First they tell you they obtained your information and ask for ransom. If they are ignored, they will send teasers to tell you they do have your data. If (the victim) does not bite, they will send more and more teasers until the (victims) are pressured to pay. The next strategy of hackers start spreading fake news, to put more pressure on the entity to pay the ransom,” Uy said. — With Irma Isip

Author

Share post: