DICT takes over PhilHealth’s digital system after ransomware attack

The Department of Information and Communications Technology (DICT) has intervened to secure the digital systems of the Philippine Health Insurance Corporation (PhilHealth) after it was attacked by the Medusa ransomware.

In a statement, DICT said its National Computer Emergency Response Team took over PhilHealth’s response to the malware attack that occurred on September 22, 2023. The initial response included disconnecting workstations from the PhilHealth network and the collection of logs to trace the fraudsters.

“As of September 25, 2023, PhilHealth’s critical web services are only accessible via their IP addresses and currently ongoing comprehensive security scanning. Efforts to restore the functionality of PhilHealth’s DNS server are underway,” DICT said, adding it is investigating the extent of the breach.

The agency sought to allay fears of Philhealth members that benefit claims would be disrupted as a result of the system shutdown.

“The DICT is committed to ensuring the full restoration of security and stability in PhilHealth systems and to safeguarding government systems and infrastructure from malicious cyber threats,” DICT said.