Cyber Incident Victim: Philippine Health Insurance Corporation
Date:
Sep 2023
Location:
Philippines
Summary
A cyberattack forced the Philippine Health Insurance Corporation to temporarily shut down several of its online systems, including its website, member portals, and electronic claims processing. The state insurer stated that no personal or medical information was leaked and that the incident was under control. While restoration work was underway, operations continued manually. Multiple government agencies were engaged to assist with the forensic investigation and assessment of the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of September 22, 2023, the Philippine Health Insurance Corporation (PhilHealth) experienced a significant cyberattack that forced the temporary shutdown of several of its critical online systems. The state insurance company immediately initiated an investigation and began implementing containment measures to control the incident. In an advisory issued that same day, PhilHealth informed the public of the resulting system downtime while it worked to address the threat. The attack rendered the corporation's official website, its HCI portal, member portals, and its electronic claims (e-claims) system inaccessible to the public and members. Despite the widespread system disruption, PhilHealth assured the public that its operations would continue, with the processing of transactions being handled manually or over-the-counter while the IT infrastructure was being secured and reconfigured.
By September 23, PhilHealth provided an update stating that the incident was under control and that no private data, including personal or medical information, had been leaked or compromised as a result of the attack. The corporation announced that affected systems would be restored at the soonest possible time following the completion of necessary configuration changes and the reinforcement of existing information security measures. A specific timeline was given, with PhilHealth stating it was working to have these systems restored by Monday, September 25, 2023. Multiple government agencies were engaged to assist in the forensic investigation and overall assessment of the incident. These agencies included the Department of Information and Communications Technology, the National Privacy Commission, and the Cybercrime Units of both the National Bureau of Investigation and the Philippine National Police. As of the evening of September 23, the PhilHealth website remained inaccessible, and the corporation stated it would issue a further public advisory once all affected systems were fully operational again.