While it is commendable that PhilHealth is now being transparent about the cyberattack, it is concerning that their DPO and action center utilized email addresses with @gmail.com domains for their official functions.
According to security researchers, as of 3:20pm Manila time, the Medusa Ransomware group may have already published the PhilHealth data files obtained from the ransomware cyberattack which occurred on Sept. 22, 2023.
According to the countdown timer on the Medusa blog on the dark Web, the files they supposedly exfiltrated from PhilHealth's systems will be released on October 3 Philippine time if the $300,000-ransom is not paid in cryptocurrency.
Meanwhile, the National Privacy Commission (NPC) said it has already been notified about the “Medusa” ransomware attack by state-owned insurance firm PhilHealth.
