SUMMARY
This is AI generated summarization, which may have errors. For context, always refer to the full article.
MANILA, Philippines – Stolen PhilHealth data began to leak on a regular website and messaging app Telegram on Thursday, October 5, two days after initially only being available on the harder-to-access dark web on Tuesday, October 3.
The Department of Information and Communications Technology’s cybersecurity undersecretary Jeffrey Dy told GMA said that the attacks are now in the “final stage” of the “extortion stages” wherein individuals in the database will now be targeted for spam and scams.
The leaked files amount to about 600 gigabytes.
In one video showing an overview of the stolen documents, at least one type of document readily indicates that PhilHealth members, and not just employees, are affected in the breach as well: receipts of members for paying their PhilHealth contribution.
The receipt contains the payee’s full name, the 12-digit PhilHealth Identification Number (PIN), the amount of the contribution, and the time period of the contribution. The name and the PIN are details that appear on the PhilHealth ID, which is considered a valid government ID.
The receipts are mostly from members under PhilHealth’s “Individually Paying Program” or the self-employed or those in the informal sector without a formal employer-employee setup.
The PIN, along with a password, is also one of the parameters asked when logging onto PhilHealth services online. Paired correctly with a member name, this could be a vector of attack for a would-be hacker, identity thief or scammer.
Sample screenshots of the video are below, redaction ours:
The receipts are the most readily identifiable pieces of document that prove the leaks contain membership-related information. It’s still unclear how many of these are in the files or whether there are other types of membership information in the hacked database.
PhilHealth has said that while its membership database which contains claims, contributions, and accreditation information is “intact and completely unaffected,” there were individual workstations that were compromised, which may have included member data. 92 workstations were affected by the attacks, according to a report by Manila Bulletin.
Senator Grace Poe, admonished the state-run insurer for allowing its antivirus software subscription to lapse originally in April 2023 before being given a short extension up to May 15, 2023 by the service provider, according to a Philstar report.
“Why was it (cyber security subscription) not prioritized? They let it lapse and didn’t pay the subscription. I am sure they have an IT manager there. They should be summoned, their database was not affected, but other information were stolen,” Poe said.
Other documents seen on the video showing the stolen files include passports, bank cards, PhilHealth employee IDs, unlabeled ID photos, a folder called “confidential comelec files” with an employee voters’ list dated 2006, company memos, marketing plans, and similar files. – Rappler.com
Add a comment
How does this make you feel?
There are no comments yet. Add your comment to start the conversation.