Hackers have placed everyone in danger after they have exposed over 600GB of Philhealth data to the dark web. This follows after Philhealth’s website and computer systems suffered from a Medusa ransomware attack last September 22. 

The Medusa ransomware encrypts data and demands a ransom payment in exchange for an alleged decryption key. For the attack, the hackers demand $300,000 or around Php 18 million for the decryption key needed to get back Philhealth’s stolen data.

Days after the attack, the Medusa Ransomware group have begun selling the stolen data in online marketplaces like Telegram. How badly compromised is Philhealth right now? According to their latest findings, PhilHealth Spokesman Israel Pargas claims that only ID cards of their employees have been leaked so far. Aside from ID cards, other information like copies of employees’ payroll, memos, working files, and hospital bills were included in the publicized information. Philhealth insists that their primary database is intact, but believes that sensitive information might have been included in the ransomware attack. 

While the investigation is ongoing, Philhealth urges all members to bwe vigilant by enabling fraud alerts on credit cards, changing passwords in all digital accounts, and keep an eye on potential phishing and smishing emails and texts. 

The whole incident could have been avoided if the government was serious with cybersecurity and made sure all sensitive data are encrypted and protected against cybercriminals. Recently, Philhealth admitted that it failed to renew its antivirus software licenses last year, making its computer system vulnerable to ransomware attacks. 

The problem with how the government handles cybersecurity is not limited to Philhealth’s woes: several government agencies including COMELEC and the gov.ph portal have been victims of hacking a few years ago, and there has been little action in improving cybersecurity since these attacks. While the DICT did help restore Philhealth’s servers, they have yet outlined a clear plan on improving the cybersecurity of all government agencies so that similar incidents will not happen in the future.