PhilHealth hackers upload compromised data on messaging app

Metro Manila (CNN Philippines, September 6) — The Department of Information and Technology (DICT) is calling on the public to be more vigilant of text spams and scams following the upload of compromised data from the Philippine Health Insurance Corporation (PhilHealth) on a messaging app.

DICT Undersecretary Jeffrey Dy confirmed to CNN Philippines on Friday that the hackers uploaded on Telegram over 600 gigabytes worth of uncompressed files on Thursday afternoon.

“Yes, among other channels, they did leak this thru Telegram,” he said in a text message.

“We are still analyzing. But there are a subset of membership data like member’s name and their ID numbers, email of employees, etc,” he added.

Based on the DICT's initial analysis, the personal data they saw include identification cards, payrolls, photos, and some ATM cards of PhilHealth employees.

Following the upload, Dy believes the hackers will target individuals whose personal information was among those made public.

“We appeal to the public to be more vigilant of phishing attempts. Don’t click on untrusted links,” he said.

However, the DICT official said this may be the only release of hackers.

“I think that is all the data they have. That is already huge eh 625GB,” Dy said.

“The MO (modus operandi) of Medusa indicates na one time lang sila mag-bulk release,” he added.

On Wednesday, PhilHealth also called on its affected employees to change their passwords as the stolen data may be used for illegal activities.

The cyber attackers earlier demanded ransom worth $300,000 in exchange for the data they captured from over 90 PhilHealth work stations.

Both the DICT and the state-run health insurer maintained they will not pay any amount.

PhilHealth is working with other government agencies like the DICT and the National Privacy Commission to further investigate the incident.