The Philippine Health Insurance Corporation (PhilHealth) announced Monday, Oct. 2, that its members’ data, including name, address, birthday, sex, contact number, and PhilHealth identification number were compromised by the cyberattack of Medusa ransomware.

“The number of data subjects or records involved is still undetermined, but we are working relentlessly to gather all relevant information [...] We are working to notify all affected individuals directly. If you have not received a notification from us, you may not have been affected,” the statement read.

The state insurer urged its members to take precautions, such as monitoring their credit reports for possibly unauthorized activity, placing fraud alerts on their credit reports, changing passwords for financial accounts, and being wary of phishing emails and smishing texts.

PhilHealth, however, reiterated that its primary database was intact after the cyberattack.

It also stated that it is working with various government agencies to “bring the culprits to justice.”

“As we take premium in safeguarding your personal information and upholding your privacy, we have worked diligently to investigate and resolve the matter to protect your data,” the statement further read.

PhilHealth chief Emmanuel Ledesma Jr. told the media on Monday, Oct. 2, that they anticipated the hackers’ bid to release ‘distorted information’ through different channels because of their decision not to pay the $300,000 ransom imposed by the hackers.