1 min read

[gulfnews] Philippines: Hackers demand $300k after health insurer's data compromised

Manila gov targeted in Medusa ransomware attack, hackers demand $300,000. PhilHealth employee data compromised, member info secure. DICT actively working on system cleanup.
[gulfnews] Philippines: Hackers demand $300k after health insurer's data compromised
Photo by Fili Santillán / Unsplash
Philippines: Hackers demand $300k after health insurer’s data compromised
Medusa ‘ransomware’ attack: Data breach at PhilHealth state health insurer
  • The Manila government has been targeted in a ransomware attack, with hackers demanding $300,000 (₱17 million) after compromising the database of the Philippine Health Insurance Corporation (PhilHealth).
  • The leaked information primarily affects PhilHealth employees, not members. The Department of Information and Communications Technology (DICT) assures that PhilHealth member databases remain secure.
  • The ransom demand is contingent on three conditions: providing decryption keys, deleting obtained data, and providing a copy to DICT.
  • DICT is actively working with PhilHealth and outsourced cybersecurity partners to clean up the system. Restoring PhilHealth's online services is the top priority, currently unavailable since the cyberattack on Sunday.
  • Medusa ransomware, first documented in June 2021, is a type of malicious software designed to encrypt files. It primarily exploits vulnerabilities in Remote Desktop Protocol (RDP) for network access. The FBI and CISA issued a cybersecurity advisory in August 2022 about MedusaLocker ransomware, emphasizing its use of RDP vulnerabilities and its operational model as a Ransomware-as-a-Service framework.