The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Impacted systems, including Health Care Institution member portals and e-claims, were shut down immediately after the incident was discovered on Sept. 22, said PhilHealth President and CEO Emmanuel Ledesma.
"Affected systems shall be restored at the soonest possible time after the completion of the needed configuration and reinforcement of existing information security measures. We are working to restore these systems on Monday, September 25, 2023," noted PhilHealth.
The Medusa ransomware operation admitted to the attack a day after its discovery, demanding $300,000 for the deletion of all stolen data and another $100,000 for an extension of the payment deadline. Medusa provided no information regarding the exfiltrated data.
BleepingComputer reports that KELA threat analysts observed the third iteration of the Knight ransomware source code being posted for sale on RAMP forums by the operation's representative, Cyclops.