The National Privacy Commission (NPC) issued on Wednesday, Oct. 11, a “guidance” for Personal Information Controllers (PICs) and Personal Information Processors (PIPs) on the potential proliferation of counterfeit PhilHealth IDs as a result of the data leak at the agency.
The NPOC said its Complaints and Investigation Division concluded last Oct. 6 its initial analysis of the 650GB compressed data files linked to the Medusa Ransomware Group’s data dump.
“It was determined that a portion of this data dump contained personal and sensitive personal information of PhilHealth members,” the data privacy body said.
“In light of these findings, the NPC strongly urges PICs and PIPs, particularly banks and non-bank financial institutions, hospitals, and public telecommunications entities (PTEs) to exercise heightened vigilance in detecting and preventing the fraudulent use of counterfeit PhilHealth IDs during various transactions.”
In this regard, the NPC said it wants to highlight the following risks unique and distinct to specific categories of PICs:
“The NPC reminds all concerned PICs, PIPs, and data subjects to take this advisory seriously and remain vigilant, refraining from any actions that could jeopardize their personal data,” it added.
“If anyone possesses information related to the use of counterfeit PhilHealth IDs, we kindly request you to contact us promptly at email@example.com. Your data privacy matters, and the NPC is here to protect it.”