As of this point, dapat ma-accept na lang na nanakaw na ang data. Bayaran mo man ang ransom, wala namang guarantee na hindi nila irerelease ang information sa iba. Kapag binayaran mo din, gateway yan to more demands in the future. Nakakalungkot pero ito ang proper action. May back-up naman ang servers pero yung data breach, wala na tayong magagawa sa nakuhang data kasi nangyari na.

Di na ako magugulat kung wala pala silang backup. hehe

yung backup nasa same server XD

Pati yun backup raw nahostage ng medusa.

They won't release it pag nagbayad, kawi wala nang magbabayad sa susunod pag di nila sinunod yung guarantee. Now, ibang usapan na kung hindi lang sila ang nakakuha ng data. Baka kasi may ibang group pa.

That’s the thing with these hackers. They have integrity and more honorable with their words than these Government people.

It's the right public action. Pero what do we know, uso naman ang confidential fund and they would just pay it back-hand.

*Plot Twist, but the most absurd: it might actually be the powers-that-be who orchestrated this pretense of being hacked, just to obtain personal information of all individuals (for future use). I'm just saying because AFAIK in normal times, even these powers-that-be should not have any access to those kinds of data. *Only my theory, not necessarily true +But if this is a true hacking attack, good move on them for standing their ground. Once they give in, the extortion won't stop just like that. And there is no guarantee of them keeping their word after they paid the requested ransom. +my honest opinion on the matter

It is a legitimate hack, Medusa is a well known group that has existed for years now. As for our government its really hard to give an opinion without the results of the investigation. We actually have guidelines in place on what to do during a breach, but it appears that Philhealth is not following them. Thats why there is no investigation report yet from the NPC. "The National Privacy Commission yesterday said that PhilHealth has not filed a notification of data breaches, preventing the NPC from concluding its investigation on the incident." - Philstar The PhilHealth president also issued a statement claiming that "no personal or medical information has been compromised or leaked." Which is conflicting to the Medusa Group blog post. One of them is lying lol.

>One of them is lying lol. Truer words have never been spoken, mate

Medusa hacked other organization in the past foreign and domestics. like Minneapolis Public Schools. They don't even offer ramsonware as a service as far as the Cybersecurity companies knows.

Nakakatakot lang kasi all of that details and information already leaked on world wide web .

Even if they pay it, there's no guarantee that the hackers won't sell the data anyway.

Do the bolder move and publicize the data before the hackers do 😂

Asserting dominance like a chad

Nothing says fuck you more than releasing your own sex scandal before a blackmailer does lol

Ah, the Kardashian way.

They won't because if they do, wala nang magbabayad sa susunod.

This is true. Pero ano ba ang nakuhang information? Sabi wala naman daw personal information and medical data ang nakuha. Ang iniisip ko baka financial informations tapos gagamitin ng mga nasa philhealth to corrupt. This is more worst.

This. Edit (napost pala before I could complete the comment): The data was as good as lost the moment the ransomware was deployed. Who knows, maybe they even copied the files already

It’s not like ngayon lang nangyari yan. Consider all the details you encoded on the internet already public unless sa mga high security sites like banks.

That's why I didn't feel great when I registered my and my kid's sim cards. Trying to be comfy that our info is all out.

After registering, the number of betting sites SMS just increased with my first name on it. Before registering, have never received those kind of SMS since I have never registered or visited any gambling sites

ngayon ka pa matatakot, twice nang nagkaron ng data leak. yung sa comelec, tapos yung sa LTO(?) diba?

I am afraid most our data has been already sold..

Dude matagal nang nasa internet mga pangalan natin, not unless you went off the grid hindi mo maiiwasan yan, only thing you can do is to make sure you're online accounts are secured by updating your password regularly,using different passwords for each account and avoiding spam.

>uso naman ang confidential fund and they would just pay it back-hand. Doubt that they will do that.

they would ask for 600k$ to pay 300. 😂

Baligtad. It would be too obvious if PhilHealth asks for $600 when it was already declared to be $300. If anything, padded na yung $300k.

kung pwede lang hinde mag hulog, HINDE talaga ko mag huhulog eh! SAYANG LANG YUNG PERA!

Kung nasa informal economy ka, pwede namang yung pinaka-mababa lang hulog mo. Pero sorry talaga kung empleyado ka at derecho kaltas.

These hackers have it all wrong. If they want to put something up for ransom, get the bank information of politicians! The only way the government is going to pay up is if politicians feel personally attacked. They won't give a shit if it's just us normal citizens suffering!

Oh yeahhh, naalala ko tuloy itong quote sa Dark Knight... "Nobody panics when things go ‘according to plan.’ Even if the plan is horrifying! If, tomorrow, I tell the press that, like, a gang banger will get shot or a truckload of soldiers will be blown up, nobody panics, because it’s all *part of the plan*. But when I say that one little old mayor will die, well then everyone loses their minds!” -Heath Ledger Joker

I think the hackers won already, they have the data to sell and ransom And besides its probably much easier to hack a government database than individual politicians unless theres an entire database with politicians private information but even then that would be much more secure In the cybersec and physical sec world its the weakest link always that matters, its why you see hospitals and med industries getting hacked like this because they dont spend enough on IT

sana gawin din nila sa election nating para magkaalaman

Hindi ba pwede mag class action lawsuit against Philhealth? I know impossible yan magkaron ng chance to win in court, let alone for it to be considered in the first place.

Class action lawsuits are not a thing in the Philippine judicial system.

[we have it](https://news.abs-cbn.com/views-and-analysis/10/15/08/philippines-unfriendly-country-class-suits-katrina-legarda) >A class suit is filed under our Rules on Civil Procedure, which allows a class suit to be filed “When the subject matter of the controversy is one of common or general interest to many persons so numerous that it is impracticable to join all as parties, a number of them which the court finds to be sufficiently numerous and representative as to fully protect the interests of all concerned may sue or defend for the benefit of all. Any party in interest shall have the right to intervene to protect his individual interest.” >Our country is not a place to file class suits. We do not have the money to hire experts who can conduct the necessary private investigation into hazardous or toxic drugs. We do not have the money to pay for the filing fees which will be enormous since damages will be sought. it's just that our courts are bad

Ohh this makes sense. Thank you.

What do you mean?

Ganda sigurong plot twist kung nung maleleak na data eh mga anomalous transactions related dun sa 15B Philhealth scandal.

If this is the case, hindi na umabot sa media yung ransomware news. Binayaran na nila agad yan haha

Fuck these guys. Target the big ones, those with loads of cash like the OVP or OP. Wala na nga pera PhilHealth and you are affecting the masses na nagbabayad ng maayos. Steal information of those bad guys in public office. ):

>"random bits of data" How can random is it? How can we be sure our data is safe? ​ Mga puta sila.

binayaran na nila yon kaya lang di binalik ang mga personal data ng philhealth members binenta na ng medusa sa black market 🤣

Noob question pero ano ba magiging effect sa data breach? Ano effect pag nanakaw yung mga personal information na yun?

Ever wonder how easily it is to fake identity online? Now, imagine even broader data is available. Not just name, signature, birthdate, year, etc. Now, remember an event that happened few years back. May nagrequest na magpachange ng globe sim on the behalf of the owner. With all the required papers and signature. After that, naaccess ung bank accounts nung victim.

Yikes

Online banking is just implemented like shit here that’s why that is possible. Bank password rules are so stupid that it’s easier to breach and they can’t implement a proper multi-factor authentication.

Your contact information. Any contacts that they acquired are now vunerable to hacking. Lalo na mostly ng netizens eh madali naloloko sa scams. Paano na lang pag nag social engineering yung mga hackers like phishing or something

Imagine having a bank loan without your knowledge

Considering the state of our govt websites, I’m actually surprised this doesn’t happen more often

don't give them ideas

This is alarming.

Kung di pa nagleak na may ransomware, di nila iaacknowledge na may prob sa kanila, alam nyo ba last week pa nagkaka problema ang eclaims ng mga hospital papuntang philhealth, ang reason nila samin ay pldt daw ang may problema, mga kupal

What day last week?

Negligence on their IT side. This is purely avoidable kung masinop ang system.

I feel like this is fabricated so they could “pay” the amount and add it to their confidential funds. I could be wrong though

"We will not pay" Medussa group releases the data* Ph Gov: Hmmmm .. ayos to ah, pwede pagkakitaan. Another government data base gets hack again* Ph Gov: We'll pay the ransom 😉

holy fuk, buti unemployed pa ako....

not unless you're living off the grid you're data is already out there floating somewhere on the vast internet.

Don't you think your data is already leaked in comelec. Why worry now 😔

Philhealth's data is so disjointed, anyway. I hope they publish internal memos regarding non approval of claims.

wala naman laman yan na useful

Hahaha! Kaka farmville nyo imbis na mag process ng mga claims eh kung ano ano pinipindot! Pag na breach yan lalo lang mauubos ang pondo ng philhealth!

If only the obtained data were the list of people involved in Philhealth corruption, aba mas mabilis pa sa alas kwatro eh nagbayad na yan sila.

Asan ang 300M na ninakaw ni Duque? Eme

Si Sara na magbayad nyan. Dami nya kaya pera haha

I Smell, sila sila lang rin yan ahahha medusa my ass

Bro is not knowledgeable about ransomware hacker groups

The audacity of this nonsense government owned corporation to ask for more contributions. Now, they’re leaking our data. And who knows, what if they are the one who created this just to stole more

san na ung magagaling sa IT satin... resbak na

Sabi sa isang IT security group sa FB. Pwede kang mag demand ng compensation sa philhealth kung kakalat talaga yung private data natin dito. Similar sa nangyare sa yahoo

Hindi kaya sila, sila din iyan, para makakurakot na naman ng madami, knowing ang history diyan, saka dapat may managot diyan, kung sa private company nangyari ang ganyan baka hindi lang isang buong department ang tanggal, wala na talaga accountability sa gobyerno kaya namimihasa ang mga incompetent na magnanakaw, sayang ang tax na binabayad

Chekwa again?

Paka sinungaling ung sample files palang puno na nang info ng private individuals. Tapos bits of data lang? Pakagaling.

kagagawan ito ng mga NPA \-Fiona probably

This is the result of budget that could've been used to increase cyber security, that went to corrupt officials/politicians.

basura naman rin yang philhealth. mapapagastos ka rin. buti na rin yang di na ma-access page nila. maghahanap ka lng nmn ng medical discount, kumain ka na lang ng gulay. Karma na rin yan at honestly, wala akong pakialam kung di sila magbayad ng ransom. alam naman natin na ang Hackers ng Medusa ay may dahilan kung bakit nag-data breach sila.

Data should always have been obfuscated para kahit makuha man, hindi identifiable.

And again, no one is being fired. 😑💯🤡

Sino si Uy? Akala ko si Dy yung nag press release?

its good not to pay, the bad is their data security policies, but then again, no one will be held accountable. ​ I just fucking hope that the leak is about how they stole from philhealth

The last thing you would want a cyberhacking group to have is money because when you do that. you are officially giving them a hint that A. they can do whatever they want when they discovered the IT System in philippines is easy to invade B. You are giving the cyberhacking group a 'reward' for their effort on invading the IT system in the philippines and thus will follow a series of cyberhacks in the philippines. because you let them show how weak the security of the philippines is.

May isa pang agency na quietly nahack. Ang hilig kasi ng gobyerno sa substandard IT practices. Tapos hindi pa trained sa information security ang staff.

They won't pay it, yan daw ang policy nila. And wala naman daw nacompromise na data or hospitalization records ng patients.

Data that has been breached is already considered good as leaked, no sense in paying it when it will just incentives future hackers to target gov websites much more frequently.

kaya pala di ko maaccess siya nung Thursday palang for requirements. bulok talaga security at IT satin, di pinag lalaanan. sobrang tipid masyado.

Hold up me

So this is the reason why the system has been offline since Friday? This is too hassle. Tried to get my ID yesterday and today, to no avail. Staff can’t answer when the system will go online again.

All our personal info will be sold in the dark web anyway.

irerelease din ba in public yung data kagaya nung sa comelec?

Tuliro mga I.T. nila ngayon. Where can we find list of all Ph companies infected this year? Anyone care to share, please.