Saying it is the first such initiative it has undertaken, the National Privacy Commission (NPC) has launched “Na-leak ba ang PhilHealth Data ko?”, a database search portal designed to help individuals verify the status of their personal information in light of the recent hacking incident against PhilHealth.
The cyberattack was carried out by the Medusa Ransomware Group, which posted the breach data online on October 5, 2023.
As of October 13, the initial batch of data available on the portal pertains to individuals aged 60 years and above, containing an estimated 1 million records out of 8.5 million senior citizens.
“The primary aim of this tool is to empower Filipinos, especially senior citizens, to take proactive measures in safeguarding their data and securing themselves against potential risks like identity theft, financial fraud, phishing attacks, extortion, blackmail, medical identity theft, reputational damage, and invasion of privacy. This is particularly crucial due to their susceptibility to these exploitative acts,” the agency said in a statement.
The leaked files, comprising approximately 734 GB of extracted data, are now under scrutiny to update the portal and provide data subjects of all age groups with the information they need, according to the NPC.
The agency said the portal exclusively focuses on the PhilHealth incident and does not encompass data breaches from other sources or incidents.
A negative result from this search should not be misconstrued as an assurance of data security in other areas, the NPC stressed. To utilize the portal, users are required to enter their PhilHealth Identification Number (PIN), and the portal will verify whether their personal information was part of the leaked data.
The NPC said the portal has been designed to allow individuals to remain compliant with the Data Privacy Act (DPA), thereby safeguarding their personal information without inadvertently violating the law.
It also assured users that the database will be regularly updated to provide up-to-date information, gradually including data from all age groups affected by the PhilHealthLeak incident.
Meanwhile, the Philippine Statistics Authority (PSA) assured the public of transparency and preventive action following the breach of data from the Community-Based Monitoring System (CBMS).
The PSA said an investigation into the causes and scale of the incident is being conducted jointly with the Department of Information and Communications Technology (DICT) National Computer Emergency Response Team-Philippines (NCERT-PH), the Philippine National Police (PNP) Anti-Cybercrime Group, the National Bureau of Investigation (NBI) Cybercrime Division, and the National Privacy Commission (NPC).
Based on the initial investigation, the links posted by the hackers lead to limited data taken from the CBMS Management Information System.
“Leads for the identification of the bad actors have been provided to the PNP and the NBI for further action. The PSA will also work with partners to ensure the perpetrators of this incident are brought to justice,” the agency said.
It added that investigations have confirmed that data in the Philippine Identification System (PhilSys), the Civil Registry System, and more than 100 other censuses and surveys that the agency conducts are unaffected.