Manila – On Wednesday, the National Privacy Commission (NPC) issued a call to action for banks, hospitals, and telecommunications companies (telcos) to exercise “heightened vigilance” in identifying and preventing fraudulent activities in light of the recent data breach at the Philippine Health Insurance Corporation (PhilHealth).
In its advisory, the NPC cautioned companies functioning as personal information controllers (PIC) and personal information processors (PIP) to be on high alert for counterfeit PhilHealth IDs.
The NPC’s Complaints and Investigation Division determined that a portion of the 650 GB data dump by the Medusa Ransomware Group contained personal and sensitive information of PhilHealth members.
In response to this discovery, the NPC cautioned banks and other financial institutions about the potential misuse of this data for identity theft and financial fraud, including the opening of accounts and conducting transactions using the leaked PhilHealth information.
The advisory stated, “Counterfeit IDs can facilitate money laundering activities within the banking system, potentially exposing banks to legal and regulatory consequences.”
For both public and private hospitals, the data breach could lead to medical fraud and illegal claims of healthcare benefits, as well as unauthorized access to sensitive medical information.
The NPC also alerted telcos that the leaked PhilHealth information could be exploited for SIM registration identity theft.
“Counterfeit IDs may be employed in the registration of SIM cards, allowing malicious actors to engage in criminal activities like fraud, harassment, and scams while maintaining anonymity,” the NPC warned.
Previously, Rey Baleña, the acting vice president of the Corporate Affairs Group at PhilHealth, stated that the investigation into the hacking incident is ongoing, and affected members will be notified. The Department of Information and Communications Technology is currently nearing completion of its analysis. (ai/mnm)