The Department of Information and Communications Technology (DICT) has reported that the hackers responsible for the September cyberattack on PhilHealth have begun exposing the stolen data on the dark web.
According to DICT Undersecretary Jeffrey Dy, the exposed information includes PhilHealth employees’ Government Service Insurance System IDs, payroll data, as well as documents related to regional offices, memos, directives, working files, and hospital bills. It is uncertain whether the published IDs and pictures belong to PhilHealth employees or members.
Dy suggested that these exposures could be seen as “teasers” while the hackers await the government’s response to their $300,000 ransom demand (approximately PHP 17 million). The government has stated its refusal to pay the ransom.
DICT and PhilHealth have asserted that the members’ database, containing private information, claims, contributions, and accreditation details, remains unaffected and “intact” as it was not part of the servers impacted by the ransomware attack. However, there is still a possibility that hackers may obtain members’ information from other sources. Investigations are ongoing to determine if the stolen data includes members’ personal details.