PhilHealth warns stolen employee data may be used for phishing, other illegal online activities

Metro Manila (CNN Philippines, October 4) — The Philippine Health Insurance Corporation (PhilHealth) on Wednesday said it has called on its affected employees to change their account passwords as data stolen by hackers in the Sept. 22 ransomware attack may be used for illegal online activities.

“They can be used to do some criminal acts like the phishing, they can create account numbers, or your credit card numbers, they can use your private information that’s why we are also advising our people… to change already their passwords in order for them to at least be protected,” Israel Francis Pargas, PhilHealth senior vice president for health finance policy, told CNN Philippines’ The Source.

The Department of Information and Communications Technology (DICT) said on Tuesday hackers have begun exposing on the dark web some PhilHealth data after failing to get $300,000 ransom money (around ₱17 million) from the government. 

Pargas said member or patient data are safe as hackers only got hold of employee information and some research papers.

DICT Undersecretary Jeffrey Dy said initial analysis showed that among the information published on the dark web were PhilHealth employees’ identification cards, including Government Service Insurance System IDs, employee payroll, and other details such as “their regional offices, memos, directives, working files, [and] hospital bills.”

Dy said the department also saw some IDs and pictures, which it cannot confirm yet if these are PhilHealth employees or members.

The dark web is accessible only through a specialized web browser. It uses technology that allows users to stay anonymous, which is being used by criminals to do illegal activities, like the sale and purchase of prohibited items and illegally acquired materials, such as drugs, pornography, and stolen identities.