Senator wants to probe cyberattack on PhilHealth 

A resolution was filed in the Senate seeking to conduct an inquiry, in aid of legislation, over the recent cyberattack on the website of the Philippine Health Insurance Corp. (PhilHealth), as well as other government agencies, according to a report by Philippine News Agency.

Senator Mark Villar, who filed Senate Resolution No. 811, said on Tuesday the attack compromises private information and public health.

“Ang atake na ito ay hindi lamang isang malaking kaso ng information theft. Ito ay bahagi ng malawakang atake laban sa (This attack is not only a big case of information theft. This is just a part of a wider attack against) public health and welfare because these attacks compromise the medical information of the members of PhilHealth,” Villar said.

The lawmaker also noted that the more than 24-hour downtime of PhilHealth's system during the attack has endangered the capacity of its members and beneficiaries to seek immediate medical assistance.

“Ang cyberattack laban sa PhilHealth ay hindi lamang atake laban sa isang institusyon ng gobyerno. Ito ay atake laban sa bawat indibidwal na miyembro ng PhilHealth at sa kanilang karapatan sa secured at accessible na tulong medikal (The cyber attack against Philhealth is not just an attack against a government institution. This is an attack against every individual who are members of PhilHealth and their right for a secured and accessible medical assistance),” Villar said.

“It is high time that we strengthen our cyberspace security as we are dealing with private and delicate information that could endanger, not just of one institution, but of the general Filipino public,” he added.

On Sept. 22, the PhilHealth website was hit by an attack from the Medusa ransomware, made by an international group of hackers known for its sophisticated attacks on large organizations and which demanded USD300,000 so as not to expose the data it illegally obtained.

Department of Information and Communications Technology Undersecretary Jeff Ian Dy, however, said the stolen data are mostly from employees of PhilHealth and not from its members.