Philippines health insurer hacked: What we know
/ Photo: JAM STA ROSA - AFP
-
Trash, mulch and security: All jobs for troops in Washington
-
NFL legend Brady to play in March flag football event at Riyadh
-
Lower US tariffs on Japan autos to take effect Tuesday
-
US strikes second alleged Venezuelan drug boat as tensions mount
-
Protesting Peru residents block trains to Machu Picchu
-
US strikes another alleged Venezuelan drug boat as tensions rise
-
White House vows to take on left-wing 'terror' movement after Kirk killing
-
Brazil's Amazon lost area the size of Spain in 40 years: study
-
US Senate poised to advance Trump aide's appointment at Fed
-
Sri Lanka survive Hong Kong scare for four wicket Asia Cup win
-
Arab, Muslim leaders urge review of Israel ties after Qatar attack
-
Mbappe 'not anxious' over Champions League goal as Bellingham returns
-
Huge pot of Nigerian jollof rice sets Guinness record
-
Heartbreak will help Arsenal's Champions League charge: Arteta
-
Europe stumped by Trump demands over Russia sanctions
-
Cycling fears spread of race-halting protests after Vuelta chaos
-
US, China reach 'framework' deal on TikTok ownership
-
'With our fists if necessary': Venezuelans prepare to defend homeland against potential US invasion
-
Duplantis thrives on Tokyo energy to break world record again
-
Ex-France defender Umtiti calls time on club career
-
One in six US parents rejecting standard vaccine schedule: poll
-
Sheffield Utd appoint Wilder for third managerial spell
-
UAE hammer Oman in Asia Cup to keep Super Four hopes alive
-
Activists on trial as France debates right to die
-
Duplantis reaches new heights, Beamish makes Kiwi history at worlds
-
Frank relishing Champions League debut with Spurs
-
Spanish PM calls for Israel to be barred from international sport
-
UK aristocrat, partner get 14 years for baby daughter's manslaughter
-
US says 'framework' deal with China on TikTok ownership
-
Shootings 'unjustified' in Bloody Sunday killings, Belfast court hears
-
Three French women accused of IS links go on trial
-
'Stoked' Beamish stuns tearful El Bakkali for world steeplechase gold
-
Israel attack aimed to halt Gaza talks, Qatar emir tells emergency summit
-
Stocks push higher ahead of expected US rate cut
-
Duplantis sets new pole vault record as retains world title
-
US announces 'framework' TikTok deal with China
-
Kiwi Beamish stuns tearful El Bakkali for world steeplechase gold
-
Mbappe not anxious over Champions League wait: Alonso
-
Japan medal hope Muratake relishing stage at Tokyo worlds
-
Right-to-die activists on trial in France as lawmakers debate end-of-life bill
-
Singing British hurdler Donovan in tune on world debut
-
'Multiple concussions' force France lock Willemse to retire
-
Athletic 'not afraid' of Arsenal on Champions League return: Inaki Williams
-
Hatton's family speak of 'immeasurable' loss after boxer's death
-
Rubio promises 'unwavering support' for Israel in Gaza goals
-
Stocks diverge ahead of expected US rate cut
-
Alfred out of world 200m with hamstring strain
-
Ex-British soldier goes on trial in landmark Bloody Sunday case
-
Pro-Palestinian protestors invading Vuelta course 'unacceptable': organisers
-
Fruit fly tests in Greece target invasive species threat
NYSE - LSE
Philippines health insurer hacked: What we know
Hackers have stolen the personal data of potentially millions of people from the Philippines's national health insurer, which has urged members to change their passwords after the "staggering" cyberattack.
The hackers have started releasing files including confidential memos from the stolen data to pressure the government into paying a $300,000 ransom.
Here is what we know so far about the attack, which was discovered by the Philippine Health Insurance Corporation (PhilHealth) on September 22:
What did the hackers steal?
PhilHealth and the government have yet to say exactly how many people have been impacted, but the insurer warned members in a notice that data such as addresses, phone numbers and insurance IDs was compromised.
As of June 30, according to its website, PhilHealth had more than 59 million direct and indirect contributors -- more than half the population of the Philippines.
PhilHealth asked members to monitor credit card transactions and change passwords, especially for financial services.
Separately, employee information was also stolen from the targeted computers.
The hackers released some of the data on the dark web, showing health memos and other information that a top government official described as confidential.
An investigation into the scale of the attack is ongoing, but the National Privacy Commission has described the amount of data stolen as "staggering".
Who are the hackers, and what do they want?
The Philippine government has referred to the attackers as the Medusa group, who have demanded $300,000 to restore access to PhilHealth computers and delete the stolen data.
MedusaLocker, first detected in late 2019, has been used to mainly target healthcare organisations and its creators took particular advantage of the emergency situation during the Covid-19 pandemic, according to a US government report.
The ransomware has been sold to criminal actors, and a US government cybersecurity advisory said its creator receives a cut of any ransom.
It was not clear if the Medusa group identified by the Philippines government is the creator of or an entity that purchased MedusaLocker.
How did they get the data?
On September 22, PhilHealth staff were unable to access a number of computers, which displayed a message saying hackers had locked the machines and encrypted the data.
The insurer shut down the affected systems to try and stop the attack from spreading, slowing or entirely shutting down some online services for days.
The government has so far not said exactly how hackers got access to the computers.
But in interviews with local media last week, senior PhilHealth official Israel Pargas said the insurer did not have an antivirus software at the time of the attack.
How has the government responded?
With a blunt 'No'. The Philippines does not pay ransom in any criminal cases, including cyberattacks, officials have said.
However, with hackers releasing more data from the stolen files, calls have grown for the government to conduct an audit of its cyber defences.
The National Privacy Commission said Saturday it has started an investigation into any potential lapses and data law violations by PhilHealth.
The NPC said its analysis of 734 GB of stolen data revealed "sensitive personal data", and warned the public that anyone who downloads this information could face criminal charges.
T.Ward--AMWN
