AMID the unresolved hacking incident at the Philippine Health Insurance Corp. (PhilHealth), Senator Sherwin Gatchalian has urged both government agencies and private sector entities to bolster their cybersecurity defenses.
Gatchalian emphasized the critical need for safeguarding vital information infrastructure and called for compliance with international cybersecurity standards and best practices.
To address these concerns, Gatchalian has introduced Senate Bill 2066, also known as the Critical Information Infrastructure Protection Act.
This legislation mandates all covered critical information institutions (CII) to implement robust measures safeguarding their information and communications technology (ICT) systems.
It also requires the Department of Information and Communications Technology (DICT) to establish and update information security standards, with CII institutions obligated to adhere to these standards.
Additionally, the National Computer Emergency Response Team (NCERT) will be designated as the central authority for computer emergency response teams in the country.
The NCERT will administer a centralized information security incident reporting mechanism that spans various industries, including banking, finance, broadcast media, emergency services, energy, healthcare, telecommunications, and transportation, among others.
Experts have expressed concern about the scale of the PhilHealth data breach. Winthrop Yu, chair emeritus of the Internet Society’s Philippine Chapter, noted that cyber attackers had already released a significant amount of data, raising questions about the breach’s extent. Customized cybersecurity solutions and increased employee training in cyber hygiene are recommended, as off-the-shelf solutions may not suffice.
Lito Averia, president of the Philippine Computer Emergency Response Team, emphasized the importance of proper training and awareness among employees to recognize and thwart cyber threats. He also suggested implementing technical measures like network segmentation and regular data backups to prevent large-scale data breaches.
Gatchalian stressed the growing reliance on digital technologies in the Philippines, particularly in the wake of the Covid-19 pandemic.
Filipinos are increasingly using digital services, and the e-commerce sector is experiencing significant growth. With this increased digital activity, Gatchalian highlighted the heightened risk posed by cyber threats, ranging from casual scammers to sophisticated state-sponsored actors who target ICT systems and networks for various malicious purposes. (ai/mnm)