UPDATE ON REPORTED CYBER INCIDENT

We disclosed last 29 March 2023 the inclusion of Intellicare in a list of companies around the globe potentially affected by a zero-day vulnerability found in one of our third-party tools, GoAnywhere Managed File Transfer, a product of our vendor Fortra. Prior to such disclosure, we have already activated our Security Incident and Data Breach Response Plan and disconnected the tool from our systems. Report to the National Privacy Commission was also filed and the vendor, Fortra, was asked to provide clarification on the matter.

Based on our latest information, we remain confident of the safety of our members and employees. Here is what we know and what we did so far:

1. There is still no demonstrable proof to suggest that customer data has been exfiltrated.

2. To augment the capacities of our information security team and as part of our continuing investigation, we have engaged Mandiant, a global cyber security leader, who, as of this time, is conducting an independent forensic investigation. The purpose is to assess the entire Intellicare environment and to ensure the safety of our systems as part of our efforts in improving our security posture in light of recent events.

3. Apart from other measures we do not disclose for strategic reasons, we have implemented a forced password reset for all our members and employees across our different portals following our standard security protocols. Please monitor your access to our portals as we move towards service recovery.

4. Prior to being notified of our inclusion in the list of companies targeted by CLOP, we have deployed on 7 February 2023 the necessary patch designed to resolve the vulnerability in the GoAnywhere tool, as recommended by Fortra.

As a privacy conscious organization, the security of data – Clients and our own – is and will always be a priority. Please accept our sincerest appreciation for your understanding as we endeavor to know more about the situation. We will provide updates as necessary. To reiterate, a dedicated support team has also been deployed. You may email us at dpo@intellicare.net.ph.

Asalus Corporation (“Intellicare”) uses a third-party service provider to analyze non-identifiable web traffic data for us. This service uses cookies. Data generated is not shared with any other party. For more info, see our Privacy Policy.