Ransomwared health insurer wasn't using antivirus software

PhilHealth blames government procurement rules for license expiry and issues phishing warnings

A recent ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) occurred while the organization's antivirus software subscription had expired.

PhilHealth was attacked around September 22 and shut down many of its systems to battle an infection for which the Medusa ransomware gang claimed responsibility.

The incident saw a huge leak of personal information. PhilHealth was also slow to restore service, delaying medical matters for many.

Filipinos are justifiably outraged that their national health insurer was attacked and disrupted.

But they can express stronger emotions still – because on Monday local media outlet GMA's 24 Oras program reported the attack took place while PhilHealth was not running antivirus software. The insurer's license had apparently lapsed several months before, but government procurement regulations made it impossible to renew.

It's not unusual for government agencies in developing nations to use unlicensed software, when commercial licenses are often priced beyond their means. In 2021, for example, The Register covered an outage at Pakistan's Federal Board of Revenue that it swore could not have been caused by unpaid licenses because it caught up on its bills. Your correspondent also once spoke to a major vendor of design software that had 500 people show up to a conference in India – a nation in which it had sold no licenses and in which users felt they could pirate with impunity.

Whatever the reason for PhilHealth's security fail, its repercussions are serious: personal information has reached the dark web.

The insurer on Sunday posted a press release warning customers to ignore unexpected calls, messages, and emails asking for passwords and other information.

The insurer also "appealed to refrain from further circulating leaked data as it has dire consequences under the law," including up to 20 years in jail.

As if that will scare ransomware and phishing scum.

PhilHealth is presently using antivirus software – reportedly a trial license that expires in 30 days. ®

More about


Send us news

Other stories you might like