The Data Protection Officer (DPO) of PhilHealth issued a public advisory on the evening of October 2, concerning the Medusa Ransomware cyberattack that took place on September 22, 2023.
According to PhilHealth officials, some data stored on their servers and local stations were compromised, necessitating the disconnection of certain systems from their network for remediation. This action led to the temporary suspension of key Internet-based services while the remediation process was underway.
While it is commendable that PhilHealth is now being transparent about the cyberattack, it is concerning that their DPO and action center utilized email addresses with @gmail.com domains for their official functions, specifically phic.actioncenter2023@gmail.com and phic.dpo@gmail.com, as points of contact for the public advisory.
It is considered best practice (and should be made mandatory) for government agencies to use *.gov.ph domain names for official email addresses. This provides a level of assurance to the public that the addresses they are interacting with are from official government sources.
Presently, multiple government agencies and their regional branches, including the Philippine National Police (PNP), the Armed Forces of the Philippines (AFP), the Bureau of Corrections (BuCor), and the Supreme Court of the Philippines, employ @yahoo and @gmail email addresses for official communications.
This practice exposes users to risks, as it presents opportunities for cybercriminals and scammers to target public citizens, government agency staff, and executives through phishing, spear-phishing, and social engineering. Such attacks can result in financial losses through scams and the installation of malware on their systems, including ransomware.
Numerous internet users have expressed concerns about PhilHealth’s use of @gmail.com addresses in its public advisory.
The fact that PhilHealth posted a public notice using free, non-government email addresses in the midst of a cyber-crisis further endangers the public, as anyone can create imitation Yahoo, Gmail, Hotmail, or other free email addresses that resemble official PhilHealth entity addresses in the wake of the current crisis. These can then be used to further victimize the public or infiltrate other government agencies.
According to cybersecurity firm Kaspersky, the Philippines ranked as the second most targeted country for cyberattacks in the world in 2022. The widespread use of free email addresses across Philippine government agencies leaves both the government and its citizens vulnerable to additional scams and cyberattacks.
It is essential to mandate government agencies to use @*.gov.ph email addresses to break this cycle of Filipino cyber victimization.
The author is a member of Democracy.Net.PH, an ICT rights, governance, development, policy, and security advocacy group
