By Junex Doronio
THE PLOT THICKENS, so to speak, as the National Privacy Commission (NPC) on Saturday disclosed that it is investigating the possible violations of the Philippine Health Insurance Corporation (PhilHealth) following a ransomware attack that could have compromised members’ personal data.
The NPC further bared that last October 6, its Complaints and Investigation Division completed its initial analysis of 650-gigabyte (GB) worth of compressed files originating from the data dump claimed by the Medusa group which earlier demanded $300,000 or approximately P17 million from PhilHealth or else they would release the data stolen from its database should the agency fail to pay the shadowy group.
But PhilHealth stressed that it would not pay the demanded ransom.
“This decisive action follows the unsettling revelation of a data breach where confidential information was illicitly obtained from PhilHealth’s systems,” the privacy body said in a statement.
It can be recalled that last September 29, PhilHealth announced that its corporate website, member portal, and e-claims were again accessible to the public.
The state health insurer initially said that there was no breach of its members’ data.
But later, PhilHealth admitted that it believes that several types of data were compromised, including name, address, date of birth, sex, phone number, and PhilHealth Identification Number.
With this, the NPC said it has launched a “sua sponte” investigation to “ascertain the full scope of this breach, identify the responsible officials, and recommend legal prosecution to the fullest extent permissible by law.”
Earlier, the Philippine National Police (PNP) said PhilHealth hackers could face up to 20 years of jail time.
(ai/mnm)