Hackers started exposing some data obtained from the Philippine Health Insurance Corporation’s (PhilHealth) employees on Tuesday, Oct. 3, after the hundred-dollar ransom deadline expired.
In an interview with DZRH, PhilHealth spokesperson Dr. Israel Francis Pargas confirmed that their employees’ personal data were leaked.
He added that possibility that members’ data were also affected by the data breach.
Sa panayam ng @dzrhnews, inamin ni Pargas na nakuhaan ng personal na info ang kanilang mga empleyado.
— Edniel Parrosa (@ednielparrosa) October 3, 2023
Hindi rin umano inaalis ng PhilHealth ang posibilidad na pati data ng mga miyembro ay nadale ng data breach.
Ginawa ni Pargas ang pahayag matapos ilabas ang notice na ito: pic.twitter.com/Ht6SdUTCJp
A video posted by OSINT without borders showed a series of documents and photos containing PhilHealth employees’ personal identifiable information (PII) could be seen.
In a CNN Philippines report, Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy said their agency’s initial analysis revealed that PhilHealth’s employees’ identification cards such as Government Service Insurance System (GSIS) IDs were published in the dark web.
“In terms of personal identifiable information, we saw some IDs, pictures, which we cannot ascertain at the moment if they are Philhealth employees, or members,” Dy told the news outlet.
According to Kaspersky, the dark web is the “hidden collective of internet sites” which keeps internet activity anonymous and are available only through a specialized web browser. The private international cybersecurity company also added that the dark web was infamous for “highly illegal activity.”
Dy also told the news outlet that the information published in the dark web seemingly acted as “teasers” from hackers waiting for the government to agree to their demands.
Meanwhile, PhilHealth clarified that its membership database remained “intact and unharmed” by the cyberattack last September 22 after the clamor following their previous announcement that some data of the state insurer’s members were compromised by the attack.
“The Corporation urges the public to be cautious in opening malicious contents online and on social media. It is working with the authorities to catch the perpetrators,” the statement read.
PhilHealth announced Wednesday, Oct. 4, that its remaining online systems affected by the cyberattack, such as the Electronic Premium Remittance Systems (EPRS), Health Care Institution (HCI) Portal, and electronic PhilHealth Acknowledgement Receipt (ePAR) were restored.