CarderPlanet
PhilHealth's systems fell under the onslaught of ransomware from the Medusa group.
The Philippine Health Insurance Corporation (PhilHealth) is recovering from a recent cyberattack. Due to the activity of ransomware, several websites and information portals had to be disabled.
The investigation, supported by other government agencies, began immediately.
PhilHealth provides insurance services to 114 million citizens. "While the investigation is ongoing, the affected information systems will be temporarily disabled to protect our data and programs," the representatives say.
On Monday, the corporation's CEO, Emmanuel Ledesma, said that access will be restricted to the portals for partner institutions, as well as to the electronic filing system for claims. Resources were supposed to be restored by September 25.
The management also assures the public that the situation is under control: the personal data of patients and staff were not affected.
While key services do not work, participants in the insurance program will have to provide paper copies of documents in order to receive medical care. Medical institutions are forced to negotiate preferential payments directly with patients who are ready for discharge.
PhilHealth also decided to add 60 days to the deadline for filing claims for reimbursement of expenses for the period from June to September of this year.
Medusa claimed responsibility for the incident. The criminals reported this on their leak site.
The organization was given 10 days to pay the ransom. If the deadline needs to be extended, the management will have to pay another $100,000. For deleting all stolen information or providing access to it, they require 300 thousand dollars.
At the same time, the hackers did not specify what data was compromised or to what extent.
Earlier, CISA warned in its advisory memorandum that Medusa operates under the RaaS (Ransomware-as-a-Service) scheme.
This means that the group not only conducts cyber attacks itself, but also provides the ransomware program for rent to other hackers for a percentage of the ransom received.
Usually, affiliated partners receive 60% of the "revenue", and Medusa takes the rest for itself. As noted in the memorandum, attackers primarily exploit vulnerabilities in the Remote Desktop Protocol (RDP) to penetrate the network. After that, they encrypt the information and make their demands to the victim.
A preliminary analysis showed that hackers penetrated PhilHealth's systems as early as June 2023.