THE Philippine Health Insurance Corporation (PhilHealth) has assured its members their personal and medical information have not been compromised in a cyberattack that hit the agency last Friday.
As of last year, PhilHealth has some 65 million direct contributors and about 39 indirect contributors.
PhilHealth was hit by the Medusa ransomware attack which is a type of malware that encrypts files and demands a ransom payment for the decryption key.
The state-run health insurer said it was targeting to restore all its systems by today.
PhilHealth president and chief executive officer Emmanuel Ledesma, in a statement late Saturday, said “the incident is under control and no personal information and medical information has been compromised or leaked.”
Ledesma said PhilHealth has coordinated with government agencies to conduct forensic investigation and assessment, including the Department of Information and Communication Technology, National Privacy Commission, NBI cybercrime units, and the PNP.
While the investigation is ongoing, PhilHealth said the entire system, including the website, health care institution and member portal, and e-claims, have been disabled temporarily as part of “information security containment measures.”
PhilHealth said members and their qualified dependents will continue to be entitled to benefits of the National Health Insurance Program (NHIP) with the submission to accredited healthcare providers a photocopy of the member’s PhilHealth identification card or member data record (MDR) or any identified acceptable supporting documents.
Self-earning individuals and professionals paying their premium contributions, on the other hand, may pay directly to PhilHealth’s accredited collecting agents with over-the-counter payments.
