MANILA — The National Privacy Commission has launched a deeper investigation into the data breach at the Philippine Health Insurance Corp. after initial analysis found that it involved 734GB of data, an amount that it described as staggering.

It said that the investigation will look into the accountability of PhilHealth officials for the breach, which may have partly been caused by expired antivirus software.

• Privacy body probes 'possible negligence' in PhilHealth ransomware attack

NPC said that its Complaints and Investigation Division found “sensitive personal information” among the data that was affected by the breach.

The fuller probe will look into the scope of the breach, who could be held responsible for it and what cases they may be prosecuted for.

“The NPC will leave no stone unturned in its investigation into the potential negligence of PhilHealth officials and explore whether any efforts have been made to conceal pertinent information,” he said.

• Govt must prepare consumers for potential impact of PhilHealth data breach: groups

In an October 2 PhilHealth notice, the state insurer said that it had immediately reported the September 22 breach to the NPC, Department of Information and Communications Technology and to law enforcement agencies.

PhilHealth meanwhile has said that its membership database, claims, contribution, and accreditation information are stored in a separate database.

It said these are intact and completely unaffected by the cyberattack.

"Any individual or organization found to process, download, or share the exfiltrated data from PhilHealth will be held accountable for unauthorized processing of personal information and may face criminal charges," NPC also said.

• Six out of eight PhilHealth external systems running after ransomware attack