TARLAKENYO (Sept. 25, 2023) — The Department of Information and Communications Technology (DICT) has issued guidelines to protect against the Medusa ransomware.
The DICT urged government agencies to review policies on allowing employees to use their own devices for work or bringing home electronic equipment to prevent the ransomware from accessing systems and devices.
These guidelines were issued after the Philippine Health Insurance Corporation (PhilHealth) suffered a security breach last Friday when its website was taken down and hackers stole data.
The still unidentified group installed the Medusa ransomware into the PhilHealth system that encrypted its data. The group has since demanded $300,000 before it gives the decryption key to the encrypted data of the government health insurance agency.
In a statement by PhilHealth President and Chief Executive Officer Emmanuel Ledesma, the agency implemented “containment measures” and assured that no personal or medical information has been compromised or leaked.
“We are currently investigating the matter with concerned government agencies, which include the DICT to assess its extent,” a PhilHealth statement posted on its Facebook Page said.
The agency appealed to the public for “understanding” and promised “to get to the bottom” of the issue.
PhilHealth said it would “institute stronger systems to prevent this from happening again in the future.”
As of Monday night, the PhilHealth website is still inaccessible.