Maxicare reports data breach to NPC | ABS-CBN
ADVERTISEMENT
Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!
Maxicare reports data breach to NPC
Maxicare reports data breach to NPC
ABS-CBN News
Published Jun 18, 2024 03:15 PM PHT
|
Updated Jun 19, 2024 02:05 PM PHT
MANILA -- Health maintenance organization (HMO) Maxicare has reported a data breach to the National Privacy Commission (NPC).
MANILA -- Health maintenance organization (HMO) Maxicare has reported a data breach to the National Privacy Commission (NPC).
Maxicare said it was notified of a security breach on June 13. The company said the personal information of some 13,000 members was accessed.
Maxicare said it was notified of a security breach on June 13. The company said the personal information of some 13,000 members was accessed.
The HMO said these members used the booking platform of their third-party homeware provider, Lab@Home.
The HMO said these members used the booking platform of their third-party homeware provider, Lab@Home.
The company noted, however, that this figure is less than 1 percent of their total membership number.
The company noted, however, that this figure is less than 1 percent of their total membership number.
ADVERTISEMENT
“Compromised information may include those used for booking requests, but no sensitive medical information was exposed,” Maxicare said.
“Compromised information may include those used for booking requests, but no sensitive medical information was exposed,” Maxicare said.
The firm also added that its business operations and network were not affected by the breach.
The firm also added that its business operations and network were not affected by the breach.
“Lab@Home maintains a separate database for booking requests, which is not integrated with Maxicare’s system,” the company said.
“Lab@Home maintains a separate database for booking requests, which is not integrated with Maxicare’s system,” the company said.
The NPC said it received a data breach notification on June 16 at 12:49 p.m.
The NPC said it received a data breach notification on June 16 at 12:49 p.m.
In a statement, the Department of Information and Communications Technology - National Computer Emergency Response Team (DICT-NCERT) said the leak started when the threat actor discovered login and password credentials on the internet.
In a statement, the Department of Information and Communications Technology - National Computer Emergency Response Team (DICT-NCERT) said the leak started when the threat actor discovered login and password credentials on the internet.
"The threat actor then logged into the system and downloaded available data," the agency said.
"The threat actor then logged into the system and downloaded available data," the agency said.
DICT-NCERT said it is coordinating with the NPC and is ready to offer their assistance to Maxicare.
DICT-NCERT said it is coordinating with the NPC and is ready to offer their assistance to Maxicare.
Maxicare said it put emergency measures in place to protect the privacy of their members who might have been affected.
Maxicare said it put emergency measures in place to protect the privacy of their members who might have been affected.
The company also said it is working with an “industry-leading cybersecurity firm” to investigate the breach.
The company also said it is working with an “industry-leading cybersecurity firm” to investigate the breach.
Meanwhile, DICT advised organizations to implement either password-less authentication mechanisms, like biometric authentication, or to use multi-factor authentication to prevent these incidents from happening again.
Meanwhile, DICT advised organizations to implement either password-less authentication mechanisms, like biometric authentication, or to use multi-factor authentication to prevent these incidents from happening again.
"Also, all organizations, public and private, must exercise reasonable control over their outsourcing partner and ensure they also implement robust cybersecurity measures," it added.
"Also, all organizations, public and private, must exercise reasonable control over their outsourcing partner and ensure they also implement robust cybersecurity measures," it added.
Meanwhile, the DICT said it has not received any notification from the Maritime Industry Authority (MARINA) on the system breach it encountered.
Meanwhile, the DICT said it has not received any notification from the Maritime Industry Authority (MARINA) on the system breach it encountered.
ADVERTISEMENT
ADVERTISEMENT
