Metro Manila (CNN Philippines, October 11) — Information and Communications Technology Secretary Ivan Uy on Wednesday advised PhilHealth members not to click links purporting to be sent by the state insurer through text or email as these are “bait” from hackers.
Speaking to CNN Philippines’ The Source, Uy said there are links being shared online that claim these can be used by PhilHealth members to check whether their information was compromised or not after the ransomware attack on last month.
“That is designed that once you click on them or once you download them, it actually installs either a backdoor or a ransomware or other types of malicious software into your computer system,” he explained.
“Please do not download and do not click on those files purporting to be PhilHealth members’ files,\” he added.
Uy said investigation on the data breach is still ongoing. While authorities have yet to determine the extent of the ransomware attack, he said the PhilHealth member data server has no signs of penetration.
However, he said it is still possible that there are some member data that were exposed since PhilHealth’s system allows some employees to access and download information from the server to their computer to do their transactions.
It is also possible that other employees who were not given authorization were able to access information, he added.
“We have seen other instances where people who were not authorized or were not given access to certain systems actually had access because the person who had access shared with them the password or the credentials for them to access dahil nag-sick leave ‘yung tao, nag-maternity leave, at hindi makapag-report (because the employee was on a sick leave or a maternity leave preventing them from reporting to work),” Uy explained.
Some of the exposed PhilHealth information include name, age, birthday, gender, address, and other identifiable information. Authorities have yet to determine whether these are the state insurer’s employees or its members.
Uy admitted the DICT is facing challenges when it comes to investigating the issue given the agency’s limited funds and workforce.
