PhilHealth Data Appears on the Darknet

10/04/2023 | Asia, Cybercrime

An official revealed on Tuesday that hackers had started disclosing some Philippine Health Insurance Corporation (PhilHealth) data, including information on employees, on the dark web after failing to obtain the ransom money from the government.

According to Jeffrey Dy, undersecretary of the Department of Information and Communications Technology (DICT), preliminary examination revealed that among the information disclosed were PhilHealth personnel's identification cards, including Government Service Insurance System IDs.

Additionally, Dy claimed that they were able to find payroll copies and other information on the dark web, including “their regional offices, memos, directives, working files, [and] hospital bills.”

The official said in a statement, “In terms of PII (personal identifiable information), we observed certain IDs, photographs, which we cannot determine at this time if they are PhilHealth personnel, or members.”

These, according to him, seem to be “teasers” from hackers who may still be waiting for the authorities to give in to their demand for a ransom.

Users can remain anonymous on the dark web, which can only be accessed with a specialist web browser. Although that portion of the internet is legal, it is also used for illicit activities such as the sale and acquisition of unlawful goods and materials, including drugs, pornography, and stolen identities.

The DICT previously reported that the cybercriminals had demanded $300,000 in exchange for providing the decryption keys, as well as for erasing and refraining from releasing the data they had obtained unlawfully.

The administration declared that it would uphold its position against paying ransom to hackers.

The members’ database, which has their private information, claims, contributions, and accreditation credentials, is “intact,” according to the DICT and PhilHealth, as it was not on any of the servers that were subject to the Medusa ransomware attack.

However, this does not necessarily mean that hackers were unable to get the information of members.

Authorities noted that the same information in the database may also have been accessible on other systems that were hacked.

It appears that these data may have been present on the PhilHealth workstations and some other affected servers, such as training servers, Dy stated.

PhilHealth stated that it is still determining whether the data that the hackers stole included personal information about its subscribers.

The state insurer clarified its position on Monday night after publishing an urgent alert to the public, stating that it believed members’ personal data “were compromised” and that it is striving to contact every person who may have been impacted directly.

“The said notice is in faithful and substantial compliance to the National Privacy Commission’s requirement to proactively reach out to and inform data subjects who may be affected by the malicious posts of the attackers,” the company said.