MANILA, Philippines — Hackers have demanded $300,000 or approximately P16 million after breaching the database of state health insurer Philippine Health Insurance Corp. (PhilHealth) on Sept. 22 using the Medusa ransomware, but complying is “not an option,” according to the Department of Information and Communications Technology (DICT).
“COA (Commission on Audit) wouldn’t allow that,” DICT Undersecretary for cybersecurity, connectivity and upskilling Jeffrey Ian Dy told The STAR.
Dy earlier said that the stolen data had been posted on the dark web.
The National Privacy Commission yesterday said that PhilHealth has not filed a notification of data breaches, preventing the NPC from concluding its investigation on the incident.
“As of 2:20 p.m., the Commission has not received any Personal Data Breach Notifications regarding PhilHealth,” NPC Public Information and Assistance Division chief Roren Marie Chin told reporters on Viber.
PhilHealth president Emmanuel Ledesma Jr. earlier claimed that no personal or medical information has been compromised or leaked.