By Ma. Teresa Montemayor

PhilHealth office in Quezon City (PNA photo by Joan Bondoc)

MANILA – The Philippine Health Insurance Corporation (PhilHealth) on Wednesday called on its members transacting through their website’s member portal to change the passwords of their online accounts.

PhilHealth Acting Vice President of Corporate Affairs Group Rey Baleña said the agency has not identified who among their members have been affected by the cybersecurity attack.

“Ngayon pag nagpalit tayo ng password, huwag po natin ishe-share ang password na ito para po di nila ma-access ang inyong account (Once you have changed your password, please don’t share it so others cannot access your account),” he said in a Bagong Pilipinas Ngayon interview.

All members are reminded not to entertain calls, text messages and emails from unknown sources for their protection.

To date, PhilHealth is still waiting for the report of the Department of Information and Communications Technology tasked to investigate and monitor the type of data downloaded from the corporation’s website through the Medusa ransomware attack.

“Based on investigation, initial assessment, intact and ‘di po napasok ang ating databases gaya ng ating membership, contribution, accreditation at iba pa (and databases like membership, contribution, and accreditation among others were not affected),” Baleña said.

Since the downloaded data may not be taken back, he said PhilHealth ensured it had sufficient software to strengthen its cybersecurity infrastructure.

“Meron na po tayong naka-install, as we speak now ay awarded na po sa atin pong bagong provider ‘yun pong kontrata sa ating antivirus software (We have already installed, as we speak now our new provider have been awarded antivirus software contact),” Baleña said.

A cybersecurity task force will be established to prevent cybersecurity attacks and ensure a dedicated team to handle similar incidents, he added.

Meanwhile, the National Privacy Commission (NPC) warned against the resharing of the PhilHealth leaked data.

“It has come to our attention that the personal data exfiltrated from PhilHealth is being shared illicitly,” the NPC said in a statement Tuesday.

“We want to emphasize the gravity of this situation and the severe consequences that await anyone involved in processing, downloading, or sharing this data without legitimate purpose or without authorization.” (PNA)