Govt must prepare consumers for potential impact of PhilHealth data breach: groups | ABS-CBN

ADVERTISEMENT

dpo-dps-seal
Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!

Govt must prepare consumers for potential impact of PhilHealth data breach: groups

Govt must prepare consumers for potential impact of PhilHealth data breach: groups

ABS-CBN News

Clipboard

MANILA - Filipino consumers need to be warned about the potential impact of the PhilHealth data breach so they can prepare, according to two data privacy and cybersecurity advocacy groups.

The National Association of Data Protection Officers of the Philippines (NADPOP) and the Philippine Computer Emergency Response Team (PH-CERT) on Tuesday said the PhilHealth breach may have even bigger consequences than the Comelec data breach in 2016.

They urged the Department of Information and Communications Technology (DICT) and the National Privacy Commission (NPC) to “guide consumers and institutions that use PhilHealth information on what to do in case their personal information was compromised by the breach."

“Compared to the Comelec data breach in 2016, the potential impact of this incident is even bigger as all working Filipinos are mandatorily enrolled, and need to pay monthly contributions,” said NADPOP President Sam Jacoba.

ADVERTISEMENT

PH-CERT President Lito Averia agreed, saying that the regulators should already anticipate the worst-case scenario and warn Filipino consumers as soon as possible, as the threat actors can already exploit the illegally accessed personal information.

"PhilHealth, with the help of the DICT, is releasing information on the breach bit by bit. This is actually understandable as the discovery process for external security incidents is complicated, but they can already assume that a significant number of member data was compromised based on their recent statement," Averia said.

Watch more News on iWantTFC

NADPOP and PH-CERT also offered to provide a third-party perspective and assist PhilHealth in its current breach investigation with the DICT and NPC.

"If PhilHealth needs unbiased third-party support, we have volunteers who are ready to assist in digital forensics and in the data breach management needs of the agency," Jacoba and Averia jointly offered.

PhilHealth said it detected a cyberattack made through Medusa ransomware on Sept. 22, which prompted it to temporarily operate manually.

The NPC on Wednesday said it was looking into PhilHealth’s accountability as the cyberattack could have exposed its members' data.

An NPC official said sanctions may be slapped on officials who were remiss in their duty.

PhilHealth meanwhile has said that its membership database, claims, contribution, and accreditation information are stored in a separate database and are intact and completely unaffected by the cyberattack.

NADPOP and PH-CERT said they will be hosting an online conference on Governance, Risk, and Compliance from Oct. 25 to 27 in support of Cybersecurity Month.

ADVERTISEMENT

ADVERTISEMENT

It looks like you’re using an ad blocker

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker on our website.

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by disabling your ad blocker on our website.