Philippines health insurer hacked: What we know
/ Photo: JAM STA ROSA - AFP
-
Sexualised deepfakes targeting actress spur German '#MeToo' moment
-
Australia head to World Cup on a high after crushing Curacao 5-1
-
Italy fertility rate fell to new low of 1.14 in 2025
-
Pakistan cricketer Zaman gets two-match PSL ban for ball tampering
-
Oil prices rise, stocks mixed on Iran war uncertainty
-
In Beirut's largest stadium, displaced people with disabilities face 'ordeal'
-
Deposed and detained: Niger president's fate unclear nearly three years on
-
Newcastle say no manager change 'at the moment'
-
Newly-hatched rare Indian bustard chick gets 50-strong guard
-
Stranded whale frees itself again off German coast
-
Archaeologists forced by Mideast war to cut short Iraq digs
-
Stranded whale frees itself again off German coast and disappears
-
Thailand's king endorses new cabinet
-
China bans entombing cremated remains in empty flats
-
Calls grow for 15-year-old Suryavanshi to make India bow
-
Stocks slip, oil swings after report says Trump willing to end war
-
Pakistan cricketer Naseem fined record $71,500 for minister criticism
-
China teen diving prodigy nearly retired after 'reaching mental limit'
-
Myanmar junta chief elected vice-president
-
Russian tanker set to deliver oil to crisis-hit Cuba
-
Iran fires missiles across Middle East as Trump threatens oil hub
-
Indonesia summons Google, Meta for 'not complying' with teen social media ban: minister
-
Wembanyama at the double as Spurs beat Bulls
-
Australia investigates tech giants over social media ban breaches
-
Hindu devotional clubbing sways India's youth
-
Oil slips, stocks rise as report says Trump willing to end war
-
Mind games: How football stars are fuelling chess boom
-
Indonesia trims meals programme: what next?
-
'A very big deal': Canadian astronaut reflects on historic Moon mission
-
US pro table tennis league blasts niche sport into spotlight
-
Iran defiant as Trump threatens to destroy oil island
-
Service Provider Deploys ARIA Cybersecurity's ADR & AZT PROTECT(TM) Solution to Protect Its AI Cloud-Based Service Infrastructure
-
Horizon Aircraft to Report Third Quarter 2026 Results and Provide a Business Update on April 14, 2026
-
Greene Concepts Highlights Be Water(TM) Inclusion in Distinctive Assets' "Everyone Wins" Gift Bags During OSCARS(R) Week
-
Nextech3D.ai CEO Evan Gappelberg Increases Ownership with Open Market Purchase of 500,000 Common Shares
-
NextTrip Unveils Next-Generation Agentic AI-Powered Consumer Engagement Tools Across Global JOURNY Streaming Platforms
-
SideChannel Deploys AI Across Sales, Marketing, and Cybersecurity Delivery Operations
-
Aehr Wins Major New Silicon Photonics Customer with High-Power FOX-XP Wafer-Level Burn-In System for Hyperscale Data Center Optical Interconnect Market
-
Classover Regains Compliance with Nasdaq Minimum Bid Price Requirement
-
Galway Metals Intersects Thick Gold-Antimony Mineralization at South Deposit, Including 6.1 g/t Au and 0.7% Sb Over 28.0m
-
ATHA Energy Initiates Ongoing Site Mobilization in Advance Of 2026 Angilak Exploration Program - Exploration Activities Commencing in April
-
Sun Peak Metals Awarded 100% Ownership of Seven New Exploration Licenses Totaling 632 km2 in Saudi Arabia
-
iFabric Corp Reports Full-Year 2025 Results; Raises Q1 2026 Outlook
-
Clint McKinlay Joins Good Driver Mutuality as President of Sales
-
Wiley Launches "The Black Book of Reshoring: The Essential Guide to America's New Manufacturing Boom" by Douglas Brown
-
InterContinental Hotels Group PLC Announces Transaction in Own Shares - March 31
-
Star Copper Advances Integrated 3D Geological Modeling to Position 2026 Drill Season As Transformational
-
Empire Metals Limited Announces Eclipse Mining Licence Sale Extension
-
MindMaze Therapeutics and Vibra Healthcare Announce Breakthrough RWE Results in High-Dose, High-Intensity Neurorehabilitation
-
Trump threatens to destroy Iran oil island despite claims of talks
Philippines health insurer hacked: What we know
Hackers have stolen the personal data of potentially millions of people from the Philippines's national health insurer, which has urged members to change their passwords after the "staggering" cyberattack.
The hackers have started releasing files including confidential memos from the stolen data to pressure the government into paying a $300,000 ransom.
Here is what we know so far about the attack, which was discovered by the Philippine Health Insurance Corporation (PhilHealth) on September 22:
What did the hackers steal?
PhilHealth and the government have yet to say exactly how many people have been impacted, but the insurer warned members in a notice that data such as addresses, phone numbers and insurance IDs was compromised.
As of June 30, according to its website, PhilHealth had more than 59 million direct and indirect contributors -- more than half the population of the Philippines.
PhilHealth asked members to monitor credit card transactions and change passwords, especially for financial services.
Separately, employee information was also stolen from the targeted computers.
The hackers released some of the data on the dark web, showing health memos and other information that a top government official described as confidential.
An investigation into the scale of the attack is ongoing, but the National Privacy Commission has described the amount of data stolen as "staggering".
Who are the hackers, and what do they want?
The Philippine government has referred to the attackers as the Medusa group, who have demanded $300,000 to restore access to PhilHealth computers and delete the stolen data.
MedusaLocker, first detected in late 2019, has been used to mainly target healthcare organisations and its creators took particular advantage of the emergency situation during the Covid-19 pandemic, according to a US government report.
The ransomware has been sold to criminal actors, and a US government cybersecurity advisory said its creator receives a cut of any ransom.
It was not clear if the Medusa group identified by the Philippines government is the creator of or an entity that purchased MedusaLocker.
How did they get the data?
On September 22, PhilHealth staff were unable to access a number of computers, which displayed a message saying hackers had locked the machines and encrypted the data.
The insurer shut down the affected systems to try and stop the attack from spreading, slowing or entirely shutting down some online services for days.
The government has so far not said exactly how hackers got access to the computers.
But in interviews with local media last week, senior PhilHealth official Israel Pargas said the insurer did not have an antivirus software at the time of the attack.
How has the government responded?
With a blunt 'No'. The Philippines does not pay ransom in any criminal cases, including cyberattacks, officials have said.
However, with hackers releasing more data from the stolen files, calls have grown for the government to conduct an audit of its cyber defences.
The National Privacy Commission said Saturday it has started an investigation into any potential lapses and data law violations by PhilHealth.
The NPC said its analysis of 734 GB of stolen data revealed "sensitive personal data", and warned the public that anyone who downloads this information could face criminal charges.
M.O.Allen--AT
