The Philippine Health Insurance Corporation (PhilHealth), responsible for managing the universal healthcare system of the Philippines, is grappling with a ransomware attack that has led to the shutdown of several of its websites and portals. The attack was discovered on a Friday morning, prompting an immediate investigation in collaboration with various government agencies.
PhilHealth serves as the national health insurance provider for the country’s 114 million citizens. The organization gave assurances that no personal or medical information had been compromised during the incident.
Despite the disruption, PhilHealth is working diligently to restore its systems and services, with a target date of September 25, 2023. The Department of Information and Communication Technology (DICT) and multiple law enforcement agencies are conducting a forensic investigation to identify the perpetrators and assess the extent of the breach. During the downtime, members and dependents must provide physical copies of identification, and payments for services cannot be made online.
The attack was claimed by the Medusa ransomware gang, which has demanded a ransom from PhilHealth and set a payment for extending the ransom deadline. The gang also offered an option to delete or download the stolen data for a separate fee.
It remains unclear what data was taken or how much was exfiltrated. Medusa is known for its Ransomware-as-a-Service (RaaS) model, in which affiliates receive a significant portion of the ransoms collected.
Medusa has a history of targeting government and public service organizations globally, making it an active and widespread threat. International cooperation is crucial in addressing this cybersecurity challenge.