The Philippine Health Insurance Corporation (PhilHealth) experienced a ransomware attack on Friday, September 22, according to a media report.
Ransomware attacks involve infiltrating and encrypting an organization’s data, then demanding a ransom for its release.
The attack was confirmed by Jeffrey Dy, the cybersecurity undersecretary of the Department of Information and Communications Technology (DICT), as reported by the Manila Bulletin. The DICT became aware of the attack around 9 AM on Friday.
The ransomware linked to the attack has been identified as Medusa.
Dy stated that they have been in contact with PhilHealth since the morning and are assessing the impact. While some systems are temporarily down, there are no indications that the eGov platform has been affected.
Several groups using the name Medusa are known in the ransomware and malware space. One group called “MedusaLocker” was observed by cybersecurity firm Trend Micro, initially targeting Windows computers in September 2019 through spam emails and phishing websites. This ransomware can encrypt files and disable usage capabilities.
Another group named “Medusa” claimed attacks on various entities, including the University of Cyprus in April, an Italian water supplier in May, and the transport system in Auckland, New Zealand, on September 19.
Medusa has gained notoriety in 2023.
The extent of the breach within PhilHealth’s computer systems and the information accessed by the attackers remain unclear.
The National Privacy Commission, which requires organizations to report data breaches within 72 hours, had not received updates from PhilHealth as of 3 PM on Friday.