The Medusa ransomware group has released compressed files in zip format containing data from the Philippine Health Insurance Corporation, also known as PhilHealth. This comes after PhilHealth refused to pay a ransom of US$300,000. The compressed files are divided into 160 parts, each around 3,891MB in size. In total, the files amount to approximately 622GB, with an extra 3.5GB file. However, downloading these files is risky, as the initial link on the dark web contains a remote access trojan (RAT) that can compromise the security and privacy of anyone who downloads it.
Renzon Cruz, a cybersecurity professional, has analyzed the Medusa attack on PhilHealth and discovered that the extracted files contain personal data of PhilHealth members, including senior citizens, persons with disabilities (PWDs), and employees. The compromised data includes names, addresses, dates of birth, sex, nationality, PhilHealth identification numbers, and passwords. Various files were released, containing executive summaries of premium contributions, transaction data, PWD member information, employee payroll, agency cashflow, PWD claims, corporate bank transactions, and file statistics.
The release of this stolen data raises concerns about the security of PhilHealth’s systems and the privacy of its members. PhilHealth has stated that it is enhancing its cybersecurity measures and taking steps to prevent future data breaches.
Unfortunately, this hack is not an isolated incident, as the Philippines has experienced several data breaches targeting government agencies and private companies. The Department of Information and Communications Technology acknowledges the need to improve cybersecurity in the country.
Jeffrey Ian Dy, Undersecretary for Connectivity, Cybersecurity, and Upskilling at the Department of Information and Communications Technology (DICT), has confirmed the leak of personal data from PhilHealth members. He advises members to change their passwords, avoid using personal information in passwords, enable multi-factor authentication, and be cautious of suspicious links received via text or email. Dy also warns the public about messages claiming to be related to the data leak, as the government will not send any links through text or email.
This incident highlights the government’s need to invest in cybersecurity measures and raise awareness among employees and the public regarding cybersecurity risks.
To protect themselves from identity theft and scams, PhilHealth members should remain vigilant against phishing scams, monitor their credit reports and bank statements regularly, consider placing a fraud alert on their credit reports, and contact PhilHealth immediately if they suspect their personal information has been compromised.
Cybersecurity professionals Renzon Cruz and John Patrick Lita are particularly concerned about the cleartext passwords listed in the stolen files, as these give the ransomware group access to personal information and passwords. They also worry about the potential use of the leaked data for identity theft, fraud, and other crimes.
In terms of response, Angel Redoble, First Vice President & Group CISO at the PLDT Group & Smart Communications, suggests three scenarios regarding the stolen data. Firstly, it could have been sold to interested groups, which is difficult to prevent. Secondly, the information may be used for fraudulent transactions, and individuals should keep records to prove their innocence. Lastly, the data could be used for blackmail and extortion, and in such cases, individuals should remain strong, not succumb to threats, and contact the authorities. Redoble advises the government to establish a dedicated office to assist affected members, and companies should advise their employees to stay vigilant and monitor their accounts for any suspicious activity.
Overall, the PhilHealth hack underscores the need for stronger cybersecurity measures, both at the government and individual levels, to protect personal information and prevent future breaches.