Privacy body probes 'possible negligence' in PhilHealth ransomware attack | ABS-CBN
Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!
Privacy body probes 'possible negligence' in PhilHealth ransomware attack
Privacy body probes 'possible negligence' in PhilHealth ransomware attack
Rowegie Abanto,
ABS-CBN News
Published Oct 04, 2023 10:19 AM PHT
Watch more on iWantTFC.com. Watch hundreds of Pinoy shows, movies, live sports and news.
Watch more on iWantTFC.com. Watch hundreds of Pinoy shows, movies, live sports and news.
MANILA — The National Privacy Commission (NPC) on Wednesday said it was looking into the accountability of state insurer PhilHealth after it suffered a cyberattack last month that could have exposed its members' data.
MANILA — The National Privacy Commission (NPC) on Wednesday said it was looking into the accountability of state insurer PhilHealth after it suffered a cyberattack last month that could have exposed its members' data.
"In this case, we're investigating whether or not there was possible negligence in the processing of personal information," Atty. Michael Santos of the NPC told ANC.
"In this case, we're investigating whether or not there was possible negligence in the processing of personal information," Atty. Michael Santos of the NPC told ANC.
Santos said charges would depend on determining which officials were remiss in their duty.
Santos said charges would depend on determining which officials were remiss in their duty.
"If that would not amount to negligence, maybe it would amount to possible administrative fines," which could reach up to P5 million, he said.
"If that would not amount to negligence, maybe it would amount to possible administrative fines," which could reach up to P5 million, he said.
ADVERTISEMENT
The privacy official said they would examine "whether or not there were appropriate technical, organizational, and physical security measures" to protect PhilHealth's entire data processing system.
The privacy official said they would examine "whether or not there were appropriate technical, organizational, and physical security measures" to protect PhilHealth's entire data processing system.
They are also checking if there were actions that would "amount to concealment", he said.
They are also checking if there were actions that would "amount to concealment", he said.
The state insurer detected the cyberattack made through Medusa ransomware on September 22, which prompted it to temporarily operate manually.
The state insurer detected the cyberattack made through Medusa ransomware on September 22, which prompted it to temporarily operate manually.
MEMBER DATA
On Monday, PhilHealth said it was notifying individuals affected by the data breach.
On Monday, PhilHealth said it was notifying individuals affected by the data breach.
While the "primary database was intact and not infected," the insurer said names, addresses, dates of birth, sex, phone numbers, and PhilHealth identification numbers might have been compromised.
While the "primary database was intact and not infected," the insurer said names, addresses, dates of birth, sex, phone numbers, and PhilHealth identification numbers might have been compromised.
But in a separate statement on Tuesday, the agency said the attack did not affect data servers that host members' information.
But in a separate statement on Tuesday, the agency said the attack did not affect data servers that host members' information.
"PhilHealth's membership database, claims, contribution, and accreditation information which are stored in a separate database are intact and completely unaffected by the said cyberattack," PhilHealth said.
"PhilHealth's membership database, claims, contribution, and accreditation information which are stored in a separate database are intact and completely unaffected by the said cyberattack," PhilHealth said.
It added that the attack affected only the application servers and employees' workstations.
It added that the attack affected only the application servers and employees' workstations.
BACK ONLINE
PhilHealth announced in a statement Wednesday that more systems were restored following the attack.
PhilHealth announced in a statement Wednesday that more systems were restored following the attack.
These include the HCI Portal, Electronic Premium Remittance System (EPRS), and ePAR or electronic PhilHealth Acknowledgment Receipt.
These include the HCI Portal, Electronic Premium Remittance System (EPRS), and ePAR or electronic PhilHealth Acknowledgment Receipt.
On September 29, PhilHealth said it had restored access to its website, member portal, and eClaims system.
On September 29, PhilHealth said it had restored access to its website, member portal, and eClaims system.
ADVERTISEMENT
ADVERTISEMENT
