In the wake of the massive data breach at the Philippine Health Insurance Corp. (PhilHealth) affecting potentially millions of members, the National Privacy Commission (NPC), the country’s privacy watchdog, has unveiled an online portal to enable members to check if their data was compromised.

The “Na-leak ba ang PhilHealth Data ko?” is a database search tool designed to assist PhilHealth members in verifying the status of their personal information and determining whether their data was exposed.

In September 2023, it was revealed that PhilHealth had fallen victim to a cyberattack by the Medusa Ransomware Group. Member information was posted online on Oct. 5, 2023. As of Oct. 13, 2023, the initial batch of data available on the portal are of those of senior citizens or individuals aged 60 years and above, comprising an estimated 1 million records out of the 8.5 million senior citizens affected.

Security advocates raise concerns about PhilHealth data breach
Fortinet observes dip in ransomware detection within organizations

To access the “Na-leak ba ang PhilHealth Data ko?” database search tool, visit: https://philhealthleak.privacy.gov.ph/ 

“We understand the paramount importance of your data’s safety, and this tool stands as a testament to our commitment to your security and peace of mind,” Privacy Commissioner Atty. John Henry Naga, said in a statement.

This online portal is an independent initiative by the NPC, utilizing data reportedly released by the Medusa Ransomware Group, which includes approximately 734 GB of extracted data. These files are currently under scrutiny to continually update the portal and provide information to individuals of all age groups for their peace of mind.

Unauthorized access

To use the portal, users are required to input their PhilHealth Identification Number (PIN), and the portal will verify whether their personal information was part of the leaked data.

NPC said that the “Na-leak ba ang PhilHealth Data ko?” portal is exclusively focused on this specific incident and does not encompass data breaches from other sources or incidents. A negative result from this search should not be misconstrued as an assurance of data security in other contexts.

The NPC also cautions that downloading, processing, or using the exfiltrated data from PhilHealth may constitute “unauthorized processing,” violating the Data Privacy Act of 2012, specifically Section 25, which carries significant legal consequences.

The privacy watchdog assures users that the “Na-leak ba ang PhilHealth Data ko?” database will be regularly updated to provide the most current information, gradually including data from all age groups affected by the PhilHealthLeak incident, thereby offering a reliable resource for assessing the security of your personal data.