MANILA, Philippines – The Philippine Health Insurance Corporation (PhilHealth) was hit by a ransomware attack on Friday, September 22, a media report said.

Ransomware attacks access and lock up a target entity’s data, and holds it up for ransom.

The attack was confirmed by Department of Information and Communications Technology (DICT) cybersecurity Undersecretary Jeffrey Dy, the Manila Bulletin reported. The agency became aware of it by 9 am, Friday.

The agency also told the newspaper that the specific ransomware tied to the attack is the Medusa ransomware. “We have been coordinating with PhilHealth since this morning. We are assessing the impact at the moment. They are temporarily down [on the] eGovApp, but there are no indications eGov is affected,” Dy said.

As reported by TechRadar, there are several groups in the ransomware and malware space that identify themselves as Medusa.

One group documented by cybersecurity firm Trend Micro, the “MedusaLocker” group and ransomware were first seen in September 2019, targeting Windows machines, with the infecting software usually arriving through spam emails and phishing websites. Like most ransomware, it is capable of file encryption, and disabling usage capability.

More recently, another group called “Medusa” claimed attacks on the University of Cyprus in April, a water supplier in Italy in May, and the transport system of Auckland in New Zealand just last September 19. Medusa picked up steam in 2023, as BleepingComputer reported.

TechRadar added, “Medusa encrypts files with the .MEDUSA file extension, while MedusaLocker uses a wide variety of extensions.”

It is currently unclear what parts of Philhealth’s computer systems have been accessed, and what information attackers have been able to take.

The National Privacy Commission, which requires private and public organizations to report data breaches within 72 hours of discovery, said it had yet to receive a notification from Philhealth as of 3 pm, Friday. – Rappler.com