‘Millions’ of PhilHealth members likely affected by Medusa attack – DICT

Gelo Gonzales

This is AI generated summarization, which may have errors. For context, always refer to the full article.

‘Millions’ of PhilHealth members likely affected by Medusa attack – DICT

DICT. The Department of Information and Communications Technology Secretary Ivan Uy speaks at the launch of Cybersecurity Month 2023 at the DICT office in Quezon City, Monday, October 9, 2023

Gelo Gonzales/Rappler

The Department of Information and Communications Technology says it is 90% done in analyzing the stolen data

MANILA, Philippines – Department of Information and Communications Technology (DICT) cybersecurity Undersecretary Jeffrey Dy on Monday, October 9, said the number of members potentially affected by the PhilHealth data breach may be in the “millions.” 

Dy, speaking on the sidelines of the launching event for the agency’s Cybersecurity Month, declined to provide a specific number, citing the possibility of duplicate data that has yet to be reviewed, but called the number affected in the incident as “significant.”

The undersecretary said, “It’s not the entire [member] database, but it is a significant number.” 

Dy said the agency is about 90% done in analyzing the stolen PhilHealth data published first on the dark web on October 3, and the regular web and the messaging app Telegram on October 5. The data uploaded amounted to about 734 gigabytes uncompressed. 

The new estimate stated by Dy is significantly larger than the thousands said to be potentially affected, earlier reported by GMA on Saturday, October 7. 

GMA also reported that the DICT suggested providing new PhilHealth ID numbers (PIN) to prevent false PhilHealth claims by fraudsters.

PINs were among the stolen data, as revealed by PhilHealth itself in their October 2 notice to the public
In a video seen by Rappler showing the stolen documents, one of the most readily identifiable membership-related files are member contribution receipts showing the full name, PIN, and the amount of the contribution.

Must Read

PhilHealth officials may face law for negligence in ‘staggering’ data breach – NPC

PhilHealth officials may face law for negligence in ‘staggering’ data breach – NPC

DICT secretary Ivan Uy also reiterated that while PhilHealth’s servers that contain membership data may not have been hit by the hack, there were 92 workstations affected by the breach that accessed and downloaded data from the said database. 

The member data remained in the workstations, and became part of the stolen data. 

Uy also spoke about the confidential funds the agency is proposing for 2024, lamenting how it has decreased in past years. 

It is proposing P300 million this year, an amount questioned by Senator Grace Poe over how the agency spent the P1.2 billion in confidential funds it received in 2019 and 2020 – to which, agency auditors replied that only P400 million was spent while P800 million became part of the government savings for its COVID-19 response, as reported by Philstar

Echoing earlier statements on using the funds to fight cybercrime and scammers, the secretary said, “So habang ‘yung threat po eh lumalaki at lumalawak, eh ‘yung cybersecurity budget natin po ay paliit ng paliit ng paliit. Kung baga kung may giyera po tayo, habang ‘yung giyera ay palaki ng palaki, ‘yung budget para sa armas at sundalo ay paliit ng paliit.” 

(While the threat grows, our cybersecurity budget gets smaller. Imagine if there was a war, where while the war gets bigger, the budget for arms and soldiers gets smaller.) –

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI

How does this make you feel?

Download the Rappler App!
Clothing, Apparel, Person


Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.