The National Association of Data Protection Officers of the Philippines (NADPOP), a dedicated data privacy advocacy group, along with the Philippine Computer Emergency Response Team (PH-CERT), a volunteer cybersecurity organization, have raised their concerns regarding the recently reported data breach at the Philippine Health Insurance Corp. (PhilHealth).

Reports indicate that the government health institution fell victim to a Medusa ransomware attack, which resulted in the compromise of its database.

NADPOP and PH-CERT are calling upon the Department of Information and Communications Technology (DICT) and the National Privacy Commission (NPC) to extend their support to potential victims (PhilHealth members) who may have been impacted by this data breach.

USAID partners with Palo Alto Networks to boost cybersecurity capacity in PH
NPC: PNP to further probe report of data breach

“Compared to the Comelec data breach in 2016, the potential impact of this incident is even more significant, as all employed Filipinos are mandatorily enrolled and required to make monthly contributions,” said Sam Jacoba, president of NADPOP.

NADPOP hopes that the government will provide guidance to both consumers and institutions that might be included in the PhilHealth database, outlining protocols for addressing potential data privacy violations that could affect them.

“It is essential to prepare PhilHealth members for the worst-case scenario so they are not caught off-guard and do not suffer potential financial losses or become victims of identity theft,” said Lito Averia, president of PH-CERT.

NADPOP and PH-CERT have offered their assistance in providing an impartial third-party perspective to aid in PhilHealth’s ongoing breach investigation, in collaboration with the DICT and NPC.

“If PhilHealth requires unbiased third-party support, we have volunteers ready to assist in digital forensics and in fulfilling the data breach management requirements of the agency. We extend our support to PhilHealth, its affected employees, and members during this challenging time, recognizing the importance of a united community in safeguarding personal information,” the security advocacy groups said.