Saying it is the first such initiative it has undertaken, the National Privacy Commission (NPC) has launched the "Na-leak ba ang PhilHealth Data ko?", a database search portal designed to help individuals verify the status of their personal information in light of the recent hacking incident against PhilHealth.
The National Privacy Commission (NPC) issued on Wednesday, Oct. 11, a “guidance” for Personal Information Controllers (PICs) and Personal Information Processors (PIPs) on the potential proliferation of counterfeit PhilHealth IDs as a result of the data leak at the agency.
The National Association of Data Protection Officers of the Philippines (NADPOP) and the Philippine Computer Emergency Response Team (PH-CERT) said regulators should already anticipate the worst-case scenario as it is better to warn Filipino consumers as soon as possible as the threat actors can already exploit the illegally accessed personal information.
While it is commendable that PhilHealth is now being transparent about the cyberattack, it is concerning that their DPO and action center utilized email addresses with @gmail.com domains for their official functions.
According to security researchers, as of 3:20pm Manila time, the Medusa Ransomware group may have already published the PhilHealth data files obtained from the ransomware cyberattack which occurred on Sept. 22, 2023.
According to the countdown timer on the Medusa blog on the dark Web, the files they supposedly exfiltrated from PhilHealth's systems will be released on October 3 Philippine time if the $300,000-ransom is not paid in cryptocurrency.
Social protection programs and services from the Social Security System (SSS), Philippine Health Insurance Corporation (PhilHealth) and Pag-IBIG will now be available onsite at Grab’s partner center located in Marikina, as part of its reinvigorated campaign to raise social welfare awareness amongst its driver and delivery partners in the country.
DOF secretary Carlos Dominguez III said they cannot make secure projections on PhilHealth’s fund life as its information system is incapable of generating relevant data despite spending “close to P200 billion”.
PhilHealth has called on its accredited health care institutions to shift to electronic claims (e-Claims) to facilitate claims processing and improve data integrity.
