cybersecurity

PhilHealth officials may face law for negligence in ‘staggering’ data breach – NPC

Lance Spencer Yu

This is AI generated summarization, which may have errors. For context, always refer to the full article.

PhilHealth officials may face law for negligence in ‘staggering’ data breach – NPC
The National Privacy Commission also warns the public that anyone found to have processed, downloaded, or shared data from the PhilHealth breach ‘may face criminal charges’

MANILA, Philippines – The National Privacy Commission (NPC) has launched an investigation against the Philippine Health Insurance Corporation (PhilHealth) and its officials for their responsibility in the massive data breach that leaked the confidential information of PhilHealth members and employees. 

“The NPC will leave no stone unturned in its investigation into the potential negligence of PhilHealth officials and explore whether any efforts have been made to conceal pertinent information,” it said in a statement on Saturday, October 7.

The NPC noted that PhilHealth seemed to “implicitly acknowledge a degree of negligence on their part” after an official admitted vulnerabilities in their system, such as having expired antivirus software. The NPC said it intends to “identify the responsible officials, and recommend legal prosecution to the fullest extent permissible by law.”

In its findings so far, the privacy watchdog said that 650 gigabytes worth of compressed files have been leaked by the hackers. But upon extraction, these amounted to a “staggering 734 GB worth of data, including personal and sensitive personal information.”

The PhilHealth data breach came after a still-unknown group used Medusa ransomware to attack the government health insurance agency on September 22

Must Read

Change phone numbers? What to do if you’re a potential victim in PhilHealth breach

Change phone numbers? What to do if you’re a potential victim in PhilHealth breach

After a ransom of $300,000 was not paid, the hackers then began to dump the stolen data on the dark web on Tuesday, October 3. But the illicitly obtained information soon began showing up on regular websites and the messaging app Telegram on Thursday, October 5.

In its statement, the NPC also warned the public that anyone found to have processed, downloaded, or shared data from the PhilHealth breach could face criminal charges. – Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI
Download the Rappler App!
Clothing, Sleeve, Person

author

Lance Spencer Yu

Lance Spencer Yu is a multimedia reporter who covers the transportation, tourism, infrastructure, finance, agriculture, and corporate sectors, as well as macroeconomic issues.