“IS my data compromised?” is a question most Filipinos are probably wondering after the recent Medusa ransomware attack on the Philippine Health Insurance Corp. (PhilHealth). Imagine your personal data — credit card numbers, health records, even your identity — could be held hostage by cybercriminals. That’s the grim reality for millions as ransomware attacks surge, targeting essential services we all rely on.
I sat down with Steven Scheurmann, the regional vice president of Palo Alto Networks (PANW), to discuss his insights into how essential services such as PhilHealth could prevent, manage and recover from cyber incidents. Right after the Medusa ransomware attack, Scheurmann said that PANW reached out immediately to PhilHealth and offered their services. They are currently engaged in incident response, focusing on three key areas: containing the situation, identifying other compromised areas, and understanding the root cause to prevent future attacks.
So why target PhilHealth? Scheurmann says it’s all about the data. Financial gain motivates cybercriminals to demand ransoms or peddle stolen data on the dark web. In addition to Social Security numbers, credit cards, and health information, they could also target extremely sensitive data. For various illicit purposes, such as identity theft and fraud, this stolen data could be weaponized.
So why target PhilHealth? Scheurmann says it’s all about the data. Financial gain motivates cybercriminals to demand ransoms or peddle stolen data on the dark web. In addition to Social Security numbers, credit cards, and health information, they could also target extremely sensitive data. For various illicit purposes, such as identity theft and fraud, this stolen data could be weaponized.
Scheurmann stresses that even a small amount of compromised data should raise alarms. For organizations, the goal should be 100 percent protection. Sometimes, the motive might even be to embarrass individuals, as in the case of the 2018 SingHealth data breach, where specific information about Prime Minister Lee Hsien Loong was exposed, along with the medical data of 160,000 others.
For those affected by such breaches, Scheurmann recommends changing credit cards and updating personal information. On an organizational level, it’s important to understand how the attack happened. Scheurmann points out that phishing attacks are evolving, now often powered by AI, making them more convincing than ever.
“Employ proactive strategies like regular compliance audits and adopting a zero-trust security framework to fend off future cyberthreats,” Scheurmann added. The zero-trust security framework is a cybersecurity approach that operates on a “never trust, always verify” principle. Unlike traditional models that assume everything inside a network is safe, zero-trust requires every user and device to be authenticated and authorized for each access request, regardless of their location.
Scheurmann suggests that organizations should conduct a thorough analysis after any cyber incident. This involves understanding the organization’s current state, including its inventory of computers, servers and mobile devices. Organizations must also be aware of all potential entry points for cyberattacks and ensure they are secure.
Meanwhile, PhilHealth requested a joint task force to look into the recent cybersecurity attack. The proposed task force would include the Philippine National Police, the National Privacy Commission, and the Department of Information and Communications Technology (DICT). Scheurmann indicated that while it’s unclear if PANW will be part of the task force, they are keen to contribute. Collaboration, according to Scheurmann, is needed for effective prevention and response to cyberthreats.
Looking ahead, Scheurmann emphasizes the need for a shift in mindset from being reactive to proactive. Cyberthreats are not slowing down; they’re becoming faster and more damaging. He points to real-time security measures and the role of AI and machine learning as vital tools in modern defense strategies.
Scheurmann outlined key best practices that organizations, particularly in the public sector, could adopt to defend against ransomware threats.
1. Preparation for extortion threats. Organizations should have a playbook ready for potential ransomware attacks.
2. Visibility. Know your weak spots and have a threat intelligence program in place.
3. Inventory management. Keep an updated inventory of potential areas of compromise.
4. Zero-trust mentality. Implement a zero-trust framework both technologically and culturally within the organization.
5. Incident response plans. Regularly test and update your incident response plans and protective infrastructure.
Click here to view original web page at www.manilatimes.net
