PhilHealth Initiates Data Breach Notifications for Affected Members.

PhilHealth commence notifying members affected in the Data breach.

In a new development after the recent attack, the Philippine Health Insurance (PhilHealth) Corporation revealed its intention to inform affected members about data breaches following a thorough analysis of the data exfiltrated by threat actors.


     Patients waiting for their scheduled appointment at the PhilHealth Hospital in Philippines. Image-source: CNN


PhilHealth also acknowledged that its outdated cybersecurity infrastructure exposed vulnerabilities that allowed unauthorized individuals to breach employee workstations, which were exploited to access and steal information pertaining to data, policies, presentations, and research materials.

Fortunately, the cybercriminals were unsuccessful in series of attempts to breach the core PhilHealth database, safeguarding crucial membership, contribution, and accreditation data. It’s worth noting that the government opted to decline the ransom demands made by the hackers, resulting in the illicit dissemination of the compromised data on the Dark Web.


The Acting Vice President PhilHealth Speaks:

The acting vice president of PhilHealth’s corporate affairs group Rey Baleña, has revealed that the organization is currently awaiting the Department of Information and Communications Technology (DICT) to provide them with copies of the compromised files.

Baleña who issued a public statement (translated from Filipino) describes that:

“The investigation is ongoing, and we will be provided with copies of the files downloaded from the hacker’s post by the DICT,” Baleña said in a public briefing. “We lack the capacity and expertise to do this. Once we receive these downloaded files, we can commence our analysis – identifying which members have been compromised and, as a result, begin reaching out and notifying the affected members.”

Baleña further noted that data retrieval was no longer anticipated, considering the data had already been exposed. The PhilHealth representative strongly encouraged members to exercise caution and avoid engaging with suspicious phone calls and emails.

 He stated (translated) that:

“Unfortunately, this data cannot be recovered anymore. What we will do moving forward is to ensure that we have sufficient anti-virus software in place to prevent this from happening.”

Furthermore he emphasized that:

“As we speak, we already have it up and installed. As of this moment, the contract for our new provider for our anti-virus software has been awarded.”

Individuals with growing concerns or complaints regarding the ransomware attack can direct their inquiries through the following temporary email addresses: [email protected] and [email protected]

An expert previously highlighted that the state insurer could potentially bear responsibility for a data breach within the organization, despite being a victim of a ransomware attack.

The National Privacy Commission (NPC) stated this week that they are examining PhilHealth’s accountability, considering the cyberattacks potential exposure of member data.




Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support  “Click-Here”
5 1 vote
Article Rating
Notify of
Inline Feedbacks
View all comments