The hacking incidents have pushed Sen. Alan Peter Cayetano to state that the Department of Information and Communications Technology (DICT) urgently needs confidential funds to upgrade the government's protection from cyberattacks.
The Department of Information and Communications Technology (DICT) said on Monday, Oct. 16, that the website of the House of Representatives (HOR) is back online even as the agency is investigating a “person of interest” who may have perpetuated the hacking incident.
Saying it is the first such initiative it has undertaken, the National Privacy Commission (NPC) has launched the "Na-leak ba ang PhilHealth Data ko?", a database search portal designed to help individuals verify the status of their personal information in light of the recent hacking incident against PhilHealth.
On October 8, Sunday, an actor on Facebook posted download links to data files belonging to the Philippine Statistics Authority (PSA), and potentially the Department of Science and Technology's (DOST) OneExpert system, and the Philippine National Police (PNP) Forensic group.
The Philippine Statistics Authority (PSA) confirmed on Wednesday, Oct. 11, that its IT system was hacked but claimed the breach was only limited to its Community-Based Monitoring System (CBMS) based on its initial assessment.
While it is commendable that PhilHealth is now being transparent about the cyberattack, it is concerning that their DPO and action center utilized email addresses with @gmail.com domains for their official functions.
Cyberint noted that hackers (mostly “infostealers”) have turned to “vishing” and “smishing” to lure Filipinos to divulge personal information, and worst, to take control of personal accounts, found in e-wallets, etc.
According to security researchers, as of 3:20pm Manila time, the Medusa Ransomware group may have already published the PhilHealth data files obtained from the ransomware cyberattack which occurred on Sept. 22, 2023.
According to the countdown timer on the Medusa blog on the dark Web, the files they supposedly exfiltrated from PhilHealth's systems will be released on October 3 Philippine time if the $300,000-ransom is not paid in cryptocurrency.