MANILA, Philippines – Hackers have begun exposing some of the data retrieved from the September 22 ransomware attack against the Philippine Health Insurance Corporation (PhilHealth).

On Tuesday, October 3, a CNN Philippines report citing Undersecretary Jeffrey Dy of the Department of Information and Communications Technology (DICT) said an initial analysis of the published information showed PhilHealth employees’ identification cards, which included their Government Service Insurance System IDs.

Dy also said other details – such as copies of an employees’ payroll and information pertaining to “their regional offices, memos, directives, working files, [and] hospital bills” – were included in the publicized information.

Personal identifiable information revealed in the exposure also included “some IDs, pictures, which we cannot ascertain at the moment if they are PhilHealth employees, or members,” the report cited Dy as saying.

Inquirer.net, in its report, noted that PhilHealth confirmed user data – including names, addresses, dates of birth, sex, phone numbers, and PhilHealth identification numbers, among others – were compromised. 

PhilHealth said it was “working to notify all affected individuals directly.”

The hackers, which used Medusa ransomware to attack the access and lock the data of PhilHealth, appeared to reveal some of the stolen data after a ransom of $300,000 (approximately P17 million) to unlock the data was not paid.

While Dy said the PhilHealth member database remained “intact,” he also said it appeared workstations and servers hit by the Medusa ransomware attack may have also contained information on members.

While the extent of what data was compromised is still being determined, it is also possible that PhilHealth employees, at the very least, are at risk of identity theft or further future cyberattacks without proper support from the DICT and the National Privacy Commission. – Rappler.com