Are your emails safe? After PhilHealth cyber attack, here’s how to spot data breach

October 4, 2023 - 3:44 PM
Philhealth sign ( photo)

Concerned individuals were advised to check their passwords and email accounts due to possible data exposure following the ransomware attack against state insurer PhilHealth.

Kaspersky, a cybersecurity firm, said that stolen data from ransomware attacks may be put for sale on the “dark web,” thus making victims vulnerable to identity theft and other scams.

In a statement, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky said that cyber crooks can commit violations while using the identities of other people.

“With exposed data, hackers can get to you whether online or offline—-they can send you messages, they know where you live, they can steal your identity and make unlawful financial transactions pretending to be you or hold on to your data to sell it for further financial gain,” he said.

Kaspersky recommended that Filipinos check if their email accounts have been breached or involved in a data breach using the following online tools:

The online service Have I Been Pwned is run by Australian consultant Troy Hunt who wanted to help people assess the severity of data breaches. It was launched in 2013.

RELATED: Twitter hacked, 200 million user email addresses leaked, researcher says

Monitor Firefox, meanwhile, also offers the same type of search feature, as well as allows users to receive alerts in case of intrusions. This platform was launched in 2007.

Kaspersky also advised users to sign up for a two-factor authentication (2FA) if a website or an application allows them to.

“It’s an extra level of security for your online accounts that requires you to enter an additional piece of identity information,” it said.

The company also said that potential victims should change the following concerning their digital assets:

  • Passwords of “all” accounts
  • Security questions and answers to them
  • PIN codes

Moreover, Kaspersky recommended that victims inform other people who are close to them that they have been hacked.

“As soon as you realize your data may be compromised, inform the people in your life of what happened so they can avoid possible scams using your identity, and help you report it to authorities,” the firm said.

Kaspersky also issued additional tips for those whose sensitive information got leaked to prevent further damages. They are:

  • Do not instantly respond to a company requesting details about the incident. Take the time to research a company first. Kaspersky said that this could be a form of a “social engineering attack.”
  • Monitor compromised digital assets for any progress or new suspicious activities.

PhilHealth’s workstations affected

PhilHealth reported its systems were attacked by a ransomware group called Medusa on September 22.

The group demanded $300,000 (P17,063,850) in ransom money for the pilfered information.

RELATED: After Philhealth cyber attack: DICT, PNP-ACG recommend steps to prevent ransomware 

In an update on October 3, the state insurer assured its members that the incident did not affect servers containing their private information.

“PhilHealth’s membership database, claims, contribution and accreditation information which are stored in a separate database are intact and completely unaffected by the said cyberattack,” the agency said.

PhilHealth’s “application servers and employees’ workstations,” however, were hit.

“Hence, files stored locally in the hard drive of the infected workstations may have been compromised. An inventory is being conducted in order to determine the extent of information which may have been ex-filtrated from these workstations,” it said.

In a previous statement, the agency said that it “believed” that the following types of data were exposed:

  • Name
  • Address
  • Date of Birth
  • Sex
  • Phone Number
  • PhilHealth Identification Number