MANILA, Philippines – The National Privacy Commission (NPC) has launched an investigation against the Philippine Health Insurance Corporation (PhilHealth) and its officials for their responsibility in the massive data breach that leaked the confidential information of PhilHealth members and employees. 

“The NPC will leave no stone unturned in its investigation into the potential negligence of PhilHealth officials and explore whether any efforts have been made to conceal pertinent information,” it said in a statement on Saturday, October 7.

The NPC noted that PhilHealth seemed to “implicitly acknowledge a degree of negligence on their part” after an official admitted vulnerabilities in their system, such as having expired antivirus software. The NPC said it intends to “identify the responsible officials, and recommend legal prosecution to the fullest extent permissible by law.”

In its findings so far, the privacy watchdog said that 650 gigabytes worth of compressed files have been leaked by the hackers. But upon extraction, these amounted to a “staggering 734 GB worth of data, including personal and sensitive personal information.”

The PhilHealth data breach came after a still-unknown group used Medusa ransomware to attack the government health insurance agency on September 22. 

Must Read

Change phone numbers? What to do if you’re a potential victim in PhilHealth breach

After a ransom of $300,000 was not paid, the hackers then began to dump the stolen data on the dark web on Tuesday, October 3. But the illicitly obtained information soon began showing up on regular websites and the messaging app Telegram on Thursday, October 5.

In its statement, the NPC also warned the public that anyone found to have processed, downloaded, or shared data from the PhilHealth breach could face criminal charges. – Rappler.com