Philippines state health org struggling to recover from ransomware attack

/in


The government organization that manages the universal healthcare system of the Philippines has struggled to recover from a ransomware incident that forced it to take several websites and portals offline.

On Friday morning, officials from the Philippine Health Insurance Corporation (PhilHealth) said they discovered an information security incident and immediately began an investigation into the situation with the help of several other government agencies. The government-owned entity provides a national health insurance program for the country’s 114 million citizens.

“While investigation is being undertaken, affected systems shall be temporarily shut down to secure our application systems. We appeal for the public’s understanding regarding the matter,” the organization said.

In an update on Monday, PhilHealth President and CEO Emmanuel Ledesma said access to Health Care Institution (HCI) member portals and e-claims “were disabled or unplugged immediately as part of the information security containment measures being implemented by PhilHealth.”

“Affected systems shall be restored at the soonest possible time after the completion of the needed configuration and reinforcement of existing information security measures. We are working to restore these systems on Monday, September 25, 2023,” the organization explained.

“PhilHealth’s Management assures the public that the incident is under control and that no personal information and medical information has been compromised or leaked.”

They added that healthcare facilities are still able to provide benefits to those who come and that PhilHealth is “doing its best to enable the affected systems to work on Monday, Sept 25, 2023.”

The Department of Information and Communication Technology (DICT) and several law enforcement agencies are conducting a forensic investigation into the situation.

While systems are down, members and dependents have to provide a photocopy of the member’s PhilHealth Identification Card (PIC) or Member Data Record (MDR) or any identified acceptable supporting documents.

Payments for services have to be made over the counter and cannot be done online. Healthcare facilities will “continue…

Source…