December 2, 2023

The government organization that manages the universal healthcare system of the Philippines has struggled to recover from a ransomware incident that forced it to take several websites and portals offline.

On Friday morning, officials from the Philippine Health Insurance Corporation (PhilHealth) said they discovered an information security incident and immediately began an investigation into the situation with the help of several other government agencies. The government-owned entity provides a national health insurance program for the country’s 114 million residents.

“While investigation is being undertaken, affected systems shall be temporarily shut down to secure our application systems. We appeal for the public’s understanding regarding the matter,” the group said.

In an update on Monday, PhilHealth President and CEO Emmanuel Ledesma said access to Health Care Institution (HCI) member portals and e-claims “had been disabled or unplugged immediately as part of the information security containment measures being implemented by PhilHealth.”

“Affected systems shall be restored at the soonest possible time after the completion of the needed configuration and reinforcement of existing information security measures. We’re working to restore these systems on Monday, September 25, 2023,” the group explained.

“PhilHealth’s Management assures the public that the incident is under control and that no personal information and medical information has been compromised or leaked.”

They added that healthcare facilities are still able to provide benefits to those who come and that PhilHealth is “doing its best to enable the affected systems to work on Monday, Sept 25, 2023.”

The Department of Information and Communication Technology (DICT) and several law enforcement agencies are conducting a forensic investigation into the situation.

While systems are down, members and dependents have to provide a photocopy of the member’s PhilHealth Identification Card (PIC) or Member Data Record (MDR) or any recognized acceptable supporting documents.

Payments for services must be made over-the-counter and cannot be done online. Healthcare facilities will “continue deducting PhilHealth benefits and devise temporary arrangements with patients who are for discharge for them to avail of their benefits.”

The group will add 60 days to the filing period for claims being made between June and September.

“Employers may submit their reports once the Electronic Premium Remittance System (EPRS) has been restored. Meanwhile, PhilHealth continues its operations and processes transactions that can be done manually while configurations are ongoing,” they said.

The attack was claimed by the Medusa ransomware gang, which added the group to its leak site on Saturday.

The gang gave PhilHealth 10 days to pay several different ransoms, including $100,000 to extend the ransomware’s deadline and $300,000 to either delete all the stolen data or download it.

The group didn’t say what data was taken or how much was exfiltrated.

In an advisory last year, the Cybersecurity and Infrastructure Security Agency (CISA) warned that Medusa operates as a Ransomware-as-a-Service (RaaS) model and typically gives affiliates 60% of ransoms while keeping the rest.

“Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks,” they wrote in a joint memo with the U.S. Department of Treasury and the Financial Crimes Enforcement Network last year.

“The MedusaLocker actors encrypt the victim’s data and leave a ransom note with communication instructions in every folder containing an encrypted file.”

The gang has made a point of going after government-level organizations, attacking Minneapolis’ public school district, an Italian company that provides drinking water to nearly half a million people, the French town of Sartrouville and Tonga’s state-owned telecommunications company.

In an interview with CNN Philippines, DICT Undersecretary Jeffrey Ian Dy said Medusa “is now an active threat not only to the Philippines but also worldwide.”

He added that they’re coordinating with international partners to help recover from the incident. Medusa actors have been in their systems since June, according to a preliminary evaluation, and he explained that currently, the main concern is that employee data was stolen during the attack.


Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.