Weeks after their system was affected by the Medusa ransomware attack, the Philippine Health Insurance Corporation (PhilHealth) confirmed that its partner health facilities can now access the Health Care Institution Portal.
With this development, PhilHealth said there is no longer a need for members to print their Member Data Records (MDR) to avail of benefits.
PhilHealth members can access the PhilHealth Member Portal to check their membership and contributions record, which was recently shifted to manual operations post-attack.
The Member Portal enables members to pay contributions (for self-paying members only) and register to accredited Konsulta providers of their choice to avail of primary care services paid for by the state health insurer.
The agency directed unregistered members (those without PIN) to submit a duly accomplished PhilHeath Member Registration Form together with supporting documents to the health facility to avail of the benefits.
It further added: "the frontline systems are still being restored."
NPC initiative
In response to the attack, the National Privacy Commission (NPC) has launched a dedicated portal to enable Filipinos, particularly senior citizens to verify whether their personal information was part of the leaked data.
NPC said the initiative primarily seeks to safeguard these groups of individuals identified as vulnerable to exploitative acts and serve as a preventive measure to mitigate potential legal risks of criminal liability.
The "Na-leak ba ang PhilHealth Data ko?" portal contains data that pertains to individuals aged 60 years and above, containing an estimated 1 million records out of 8.5 million senior citizens.
It uses the dataset released by the Medusa Ransomware Group, comprising approximately 734 GB of extracted data that are now under scrutiny to update the portal and provide data subjects of all age groups with the information they need.
NPC aims to "regularly" update the database, gradually including information from all age groups affected by the PhilHealthLeak incident.
The commission also recommends individuals affected in the leak to change passwords, enable multi-factor authentication and sign up for account monitoring services.
It added that the portal "exclusively" focuses on the Medusa incident and does not encompass data breaches from other sources or incidents.
"A negative result from this search should not be misconstrued as an assurance of data security in other areas," NPC said.
