News source:https://news.abs-cbn.com/news/10/02/23/philhealth-to-notify-all-individuals-affected-by-data-breach
On 22 September 2023, the Corporation suffered a cyberattack from the Medusa Ransomware which compromised the data stored from some of our servers and local workstations. The primary database was intact and not infected. The incident was immediately reported to the Department of Information and Communications Technology (DICT), the National Privacy Commission (NPC) in order to expediently resolve the matter; and to law enforcement agencies such as the Philippine National Police (PNP) Cybercrime Division, Cybercrime Investigation and Coordinating Center (CICC) and the National Bureau of Investigation (NBI) in order to identify and capture the perpetrators.
To contain and mitigate the spread of the cyberattack, our IT personnel immediately instituted remedial measures such as disconnecting network. All PhilHealth employees in the head and regional offices were advised to undertake security measures in order to prevent further unauthorized disclosure and incurrence of copycat attacks.
As we take premium in safeguarding your personal information and upholding your privacy, we have worked diligently to investigate and resolve the matter to protect your data.
The number of data subjects or records involved is still undetermined, but we are working relentlessly to gather all relevant information. At this time, we believe the following types of data, among others, were compromised:
- Name
- Address
- Date of Birth
- Sex
- Phone Number
- Philhealth Identification Number
We are working to notify all affected individuals directly. If you have not received a notification from us, you may not have been affected. However, we recommend that you take the following steps as a precaution:
- Monitor your credit reports for any unauthorized activity
- Place a fraud alert on your credit reports
- Change your passwords for all online accounts, especially financial accounts
- Be wary of phishing emails and smishing texts
We sincerely apologize for any inconvenience this incident caused. We are committed to protecting your data by continuously working to enhance our security measures.
If you have any questions or concerns, you may reach us via This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it..
Data Protection Officer (PHIC)