PhilHealth: 13 million members affected by data breach

MANILA, Philippines — At least 13 million Philippine Health Insurance Corp. (PhilHealth) members have been affected by the Medusa ransomware cyberattack.

“It is really in the millions. Initially, we can surmise that it covers about 13 million data. We are just completing analysis for us to have the complete information,” PhilHealth senior vice president and data privacy officer Nerissa Santiago said at a press conference yesterday.

Santiago said between 600 to 800 PhilHealth employees’ data have also been leaked.

The employees have already been informed, while PhilHealth members are yet to be notified regarding their compromised information.

“Since the involved data subjects are very substantial in terms of number and we have just obtained the database from DICT (Department of Information and Communications Technology) last week, we are still processing and analyzing the data before we can come out with the individual notification,” she explained.

PhilHealth advised the public anew to take the necessary measures to secure their information, especially those online.

PhilHealth president and chief executive officer Emmanuel Ledesma Jr. said the agency is ready to undertake measures to prevent similar cyberattacks as he gave assurances that there would be no disruptions in their services despite the transfer of seven members of the agency’s Executive Committee.

Health Secretary Ted Herbosa said the transfer of the seven PhilHealth Execom members was prompted by the ransomware attack.

Ledesma, however, expressed sadness and surprise over the Board of Directors’ decision to re-assign the seven PhilHealth officials. Investigation, he said, should have been undertaken before the transfer.

But Ledesma said he respects the decision of the board for an “independent check on the management and its officers.”

The Board of Directors, he said, is yet to issue a directive on where the named officials will be transferred or reassigned.

NPC, DICT forge partnership

The National Privacy Commission (NPC) and the DICT have partnered for the implementation of a digital security and privacy quick response (DSPQR) project.

In a statement yesterday, the NPC said the DSPQR project is an innovative complaint-handling system designed to swiftly address privacy violations and concerns.

The NPC added that the project will be integrated into the eGov application under the Government Digital Transformation Bureau.

“This groundbreaking collaboration represents a pivotal step towards ensuring the safeguarding of the digital security and privacy of every Filipino,” the NPC said.

Under the agreement, DICT will allocate resources for the project and establish a framework for regular reporting by NPC.

The NPC will actively engage as an implementing unit of the DICT, focusing on raising awareness, educating individuals and organizations about the project and highlighting its effectiveness in addressing privacy issues and cybersecurity threats.

The NPC will also triage cases involving cybersecurity threats, consumer-related concerns and data privacy issues monitored and reported through the Consumer Complaint Center, Contact Center ng Bayan, National Computer Emergency Response Team and the NPC.

“The project will empower us to swiftly address privacy concerns and violations, ultimately upholding every citizen’s right to privacy in this digital age,” said NPC Commissioner John Henry Naga.

“We also encourage our citizens to be vigilant and proactive in safeguarding their digital well-being. Report any privacy concerns or incidents promptly, as your active role is essential to our collective effort to ensure a safer and more secure online environment for every Filipino,” said DICT Secretary Ivan John Uy.

The DSPQR Project will be operational on Oct. 25.

Meanwhile, Makati City Rep. Luis Campos Jr. is pushing for an additional P3 billion to build up the capabilities of the Cybercrime Investigation and Coordinating Center (CICC) amid the series of cybersecurity attacks on government websites.

“We must bolster the CICC with all the necessary cutting-edge technologies to swiftly produce actionable intelligence against all types of threat actors – from thrill seekers and hacktivists to cyber criminals and cyber terrorists,” he said.

House Minority Leader Marcelino Libanan and Rep. JC Abalos II filed House Resolution 1392, directing the House committee on information and communications technology to investigate, in aid of legislation, the cyber attacks on the websites of the state health insurer, Philippine Statistics Authority, Department of Science and Technology (DOST), House of Representatives and the Senate.  – Catherine Talavera, Delon Porcalla, Rainier Allan Ronda