Cybersecurity Case Studies

Uploaded by

Joyan Reyes
CASE STUDY ANALYSIS

Submitted by: Robles, Daphne S.


Section: 1BCRI- 2A10
Date: November 18, 2024

Submitted to: Mr. Avelino Ocampo


Subject: Cybersecurity 2
CASE # 1

Title: PhilHealth was paralyzed by Ransomware Attack

1. Introduction: PhilHealth, or the Philippine Health Insurance Corporation, is a
government-owned and controlled corporation (GOCC) that provides health insurance
coverage to all Filipinos. PhilHealth's purpose is to ensure that all citizens of the Philippines
have affordable, accessible, and acceptable health care services. PhilHealth was created in
1995 through the National Health Insurance (NHI) Act, or Republic Act 7875. In 1997,
PhilHealth took over administering the former Medicare program for government and private
sector employees.
2. Problem Statement: On September 22, 2023, the government's health insurance program
was affected by a Medusa ransomware attack on the Philippine Health Insurance Corporation
(PhilHealth), which had 65.05 million beneficiaries who were classified as direct contributors
in 2022.
3. Background: The Department of Information and Communications Technology (DICT)
was aware of the attack as early as 9 am and has been actively coordinating with PhilHealth
to assess the impact and secure compromised systems.
DICT Undersecretary Jeffrey Ian Dy confirmed the incident and identified the attack as a
Medusa ransomware attack, a type of malware that encrypts files and demands a ransom
payment for the decryption key.
The Philippines is in the process of joining the Counter Ransomware Initiative (CRI), a
global coalition launched in October 2021 by countries including the US, Australia, Canada,
the United Kingdom, and the Netherlands, aiming to improve international cooperation on
ransomware prevention, detection, response, and recovery.
This attack on PhilHealth is part of a series of escalating cyberattacks targeting government
agencies and businesses in the Philippines, emphasizing the importance of fortified
cybersecurity measures and international collaboration to combat advanced cyber threats.
4. Case Analysis:
- Attack Vector: PhilHealth
- Timeline of Events: September 22, 2023
- Human Factors: N/A
- Technical Factors: Their systems are frozen and inaccessible for the meantime unless
they pay the ransom.
5. Impact:
- Financial Impact: Their systems are frozen, which stops their operations for the
meantime.
- Reputation Damage: NONE
- Consumer Impact: PhilHealth's services are frozen, which postpones their
transactions.
6. Solutions and Alternatives:
- Proposed Solutions: Since they experienced this type of hacking, they should be able to
find their vulnerability in order to fix their system. They should also have regular checkups
of their system’s security.
- Alternatives: They should have another way of transacting for services so that consumers
are not affected.
7. Recommendations: The government is considering joining foreign securities in order to
improve their system to avoid these types of attacks.
8. Conclusion: The purpose of this type of attack is to gain money, and in this type of attack
even the government is not exempted.
CASE # 2

Title: COMELEC was hacked?

1. Introduction: The Philippines’ data privacy watchdog and top law enforcement agency are
investigating allegations that electoral systems being used for the country’s upcoming general
election were hacked. The Manila Bulletin, the Philippines’ largest English-language
newspaper, published claims from an anonymous source that the servers of the Philippines
Commission on Elections (COMELEC) were breached on January 8, and that attackers
downloaded more than 60 GB of data.
The data included usernames and PINs of vote-counting machines, as well as “network
diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all
passwords and domain policies, access to the ballot handling dashboard, and QR code
captures of the bureau of canvassers with login and password”, reported the Manila Bulletin.
The data was also alleged to include a “list of overseas absentee voters, [the] location of all
voting precincts with details of board of canvassers, all configuration list of the database, and
list of all user accounts of COMELEC personnel”.
2. Problem Statement: COMELEC said in a statement dated January 10 that it was
“presently validating the allegations”, but added that “usernames and PINS of vote-counting
machines” did “not exist in COMELEC systems simply because the configuration files –
which includes usernames and PINs – have not yet been completed. This calls into question
the veracity of the hacking claim”. COMELEC also said the Manila Bulletin failed to offer
proof of its claims that it had “verified that there was an ongoing hack”.
3. Background:
4. Case Analysis:
- Attack Vector: COMELEC
- Timeline of Events: January 2022
- Human Factors: N/A
- Technical Factors: It is said that the vote data was breached due to its system being
hacked.
5. Impact:
- Financial Impact: NONE
- Reputation Damage: People are doubting the result of the vote, knowing that the system
was allegedly hacked.
- Consumer Impact: None
6. Solutions and Alternatives:
- Proposed Solutions: COMELEC states that the hacking was impossible because
their encryption system is not yet completed.
- Alternatives: NONE
7. Recommendations: Their users’ private details should be encrypted not in the system but
in another system, in order to save their users’ private details without exposing them.
8. Conclusion: These types of attacks occur because the purpose of the hacker is to access
users’ private details. If some of the users are important people, the details can be used for
many things; even if the user is just a normal person, their details can be used in other
cybercrimes like identity theft and scamming.
CASE # 3

Title: Supreme Court Data Breached

1. Introduction: The Supreme Court of the Philippines is the highest court in the country
and is responsible for a number of functions. The Supreme Court has both original and
appellate jurisdiction, including cases involving ambassadors, public ministers, and
consuls. The Supreme Court has the power to create rules for all courts, including rules for
pleading, practice, and procedure, as well as rules for admission to the practice of law. The
Supreme Court is responsible for the administrative supervision of all lower courts. The
Supreme Court is located at Padre Faura Street, Ermita, Manila.
The Chief Justice and Associate Justices are appointed by the President from a shortlist of
candidates submitted by the Judicial and Bar Council. The Supreme Court's motto is "Batas at
Bayan" which translates to "Law and Nation".
2. Problem Statement: On August 28, 2024, a social media post went viral claiming that the
Supreme Court of the Philippines experienced a significant security breach on August 27,
2024. This breach allegedly exposed sensitive legal data of over 13,000 records, including
names, case details, and payment information, from the Judicial Electronic Payment System
(JePS).
3. Background: The Supreme Court and its service providers launched an immediate
investigation and, as of this afternoon, found no evidence of a breach or indication that
sensitive data was compromised. The Court will continue to investigate further, employing
the right amount of redundancy by approaching the investigation from many angles. As a
precautionary measure, and although regularly done, we will do another round of
Vulnerability and Penetration Testing (VAPT) assessment and have asked our providers and
partners to do the same. We are also going to conduct another external review of our
cybersecurity systems. We assure the public that in its current efforts to digitalize court
processes, the Court has always given priority to cybersecurity and taken the necessary
precautions in terms of training, access, and the use of the needed applications and hardware.
We have layers of in-house and external cybersecurity.
We are aware that hacking data from institutions such as the Judiciary is tempting. We remind
the public that our systems are professional, state-of-the-art, robust, and capable of
identifying and tracing the sources of any form of attack. We also remind the public that any
attempt to gain unauthorized access or compromise our systems, as well as releasing sensitive
and private data without proper authorization, are criminal acts. Finally, part of the Strategic
Plan for Judicial Innovation 2022-2027 (SPJI) is the eCourt PH version 2.0, which includes
making public all pleadings, motions, and orders that are not confidential nor covered by any
privilege in due time. This is the Court’s contribution to transparency and commitment to the
constitutional mandate of conducting public trials without compromising the constitutional
rights of any party. We ask for patience from the public as we set up our systems in the right
way.
4. Case Analysis:
- Attack Vector: Supreme Court of the Philippines
- Timeline of Events: August 28, 2024
- Human Factors: NONE
- Technical Factors: NONE. The breach was only alleged, but they are still investigating
further in order to make sure that everything is fine.
5. Impact:
- Financial Impact: NONE
- Reputation Damage: It was a big shock to netizens, knowing that it involves the
Supreme Court of the Philippines.
- Consumer Impact: NONE
6. Solutions and Alternatives:
- Proposed Solutions: Even if it is not proven, they are doing a thorough investigation in
order to be sure that nothing is wrong.
- Alternatives: They should increase their security measures in order to be sure that their
system cannot be penetrated.
7. Recommendations: Their system should regularly undergo system attacks in order to
pinpoint whether they have vulnerabilities in their code.
8. Conclusion: A huge government agency like the Supreme Court of the Philippines should
have double or triple security measures so that hackers cannot enter easily. An agency
like this holds a lot of confidential data that should not be exposed to other people,
especially hackers.
