This is AI generated summarization, which may have errors. For context, always refer to the full article.
MANILA, Philippines – Department of Information and Communications Technology (DICT) cybersecurity Undersecretary Jeffrey Dy on Monday, October 9, said the number of members potentially affected by the PhilHealth data breach may be in the “millions.”
Dy, speaking on the sidelines of the launching event for the agency’s Cybersecurity Month, declined to provide a specific number, citing the possibility of duplicate data that has yet to be reviewed, but called the number affected in the incident as “significant.”
The undersecretary said, “It’s not the entire [member] database, but it is a significant number.”
Dy said the agency is about 90% done in analyzing the stolen PhilHealth data published first on the dark web on October 3, and the regular web and the messaging app Telegram on October 5. The data uploaded amounted to about 734 gigabytes uncompressed.
The new estimate stated by Dy is significantly larger than the thousands said to be potentially affected, earlier reported by GMA on Saturday, October 7.
GMA also reported that the DICT suggested providing new PhilHealth ID numbers (PIN) to prevent false PhilHealth claims by fraudsters.
PINs were among the stolen data, as revealed by PhilHealth itself in their October 2 notice to the public.
In a video seen by Rappler showing the stolen documents, one of the most readily identifiable membership-related files are member contribution receipts showing the full name, PIN, and the amount of the contribution.
DICT secretary Ivan Uy also reiterated that while PhilHealth’s servers that contain membership data may not have been hit by the hack, there were 92 workstations affected by the breach that accessed and downloaded data from the said database.
The member data remained in the workstations, and became part of the stolen data.
Uy also spoke about the confidential funds the agency is proposing for 2024, lamenting how it has decreased in past years.
It is proposing P300 million this year, an amount questioned by Senator Grace Poe over how the agency spent the P1.2 billion in confidential funds it received in 2019 and 2020 – to which, agency auditors replied that only P400 million was spent while P800 million became part of the government savings for its COVID-19 response, as reported by Philstar.
Echoing earlier statements on using the funds to fight cybercrime and scammers, the secretary said, “So habang ‘yung threat po eh lumalaki at lumalawak, eh ‘yung cybersecurity budget natin po ay paliit ng paliit ng paliit. Kung baga kung may giyera po tayo, habang ‘yung giyera ay palaki ng palaki, ‘yung budget para sa armas at sundalo ay paliit ng paliit.”
(While the threat grows, our cybersecurity budget gets smaller. Imagine if there was a war, where while the war gets bigger, the budget for arms and soldiers gets smaller.) – Rappler.com