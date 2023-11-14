MANILA — The Department of Information and Communications Technology (DICT) on Tuesday said it has offered to help the World Health Organization (WHO) investigate a supposed breach of its database, which has compromised some COVID-19 vaccination data from the Philippines and India.

According to DICT spokesperson Assistant Secretary Renato Paraiso, the data leak was discovered by the Philippine National Computer Agency Response Team.

“There was information dumped on particular platforms. That’s why we got wind of the incident regarding the WHO breach. They were able to obtain some COVID-19 data, particularly from two countries,” he said.

Paraiso said the extent of the data breach is still unclear as they have yet to gain access to the WHO’s records.

“The problem with this is it’s an international agency that we have no jurisdiction over. We informed them but it would be up to them if they would request the DICT or the Philippine government (to) help in the investigation. If they do not request us to participate, we cannot ask them for their logs and do a deep dive into their systems to ascertain what went wrong, what data were captured,” Paraiso noted.

The Department of Health (DOH) is now also trying to coordinate with the WHO to come up with possible interventions.

“The Department of Health is currently in close coordination with the World Health Organization and the Department of Information and Communications Technology to ascertain the veracity of this report as well as to determine the extent of any possible data breaches and the appropriate interventions, should there be any,” said Health Secretary Ted Herbosa.

The WHO Regional Office for the Western Pacific has also come out with a statement saying it is already in communication with the relevant government agencies to ascertain the details of the breach.

“We will share more information in due course,” it added.

For cybersecurity expert and founder of Data Ethics Philippines Dominic Ligot, the alleged cyber attack on the WHO only proves that even the biggest institutions in the world can be vulnerable to hacking.

That’s why, he said, the Philippine government should have been more careful about handing over any kind of data, let alone such sensitive information, even in times of health emergencies like the COVID-19 pandemic.

“The lesson here is we should not be freely sharing data with people we cannot hold accountable. Kung ganun pala yung patakaran, if you cannot go after them, why should they have access to our data in the first place?” he said.

“This was probably taken during the pandemic where so many rules were disregarded in favor of the health emergency so I think it’s a reminder for us in the future that even in times of emergency, we should maintain basic data rights,” added Ligot.

Ligot warns that the data leak may lead to incidents of identity theft or even blackmail.

“People can start trying to fake identities for health fraud, try to get fake health claims. It could also be used for blackmail. There are many scenarios where people might not want their health information, which could be potentially damaging to their reputation, leaked to the public,” he said.

To mitigate the impact of the data leak, Ligot advised the public to regularly change passwords and not use the same set of usernames and passwords for all their accounts, especially when it comes to banking.

Herbosa, meanwhile, assured Filipinos that the DOH has undertaken the necessary cybersecurity measures to protect the data managed by the agency.