Change phone numbers? What to do if you’re a potential victim in PhilHealth breach

Gelo Gonzales



Two cybersecurity and privacy advocate groups urge the DICT and NPC to help prepare members for worst-case scenarios

MANILA, Philippines – Several groups on Wednesday, October 4, stressed the urgency of the PhilHealth breach, with the National Association of Data Protection Officers of the Philippines (NADPOP) saying, “Compared to the COMELEC data breach in 2016, the potential impact of this incident is even bigger as all working Filipinos are mandatorily enrolled [in PhilHealth].” 

The Philippine Computer Emergency Response Team (PH-CERT), a volunteer organization providing assistance on information security issues, called on the concerned agencies, the Department of Information and Communications Technology (DICT) and the National Privacy Commission (NPC), to anticipate the worst-case scenario right away to give potential victims the ability to prepare for possible cases of identity theft.

PH-CERT said the DICT “can already assume that a significant number of member data was compromised based on their recent statement.” 

The hackers, who used Medusa ransomware to conduct the attack, began exposing data from the breach on Tuesday, October 3, after the time set for PhilHealth to pay the ransom lapsed. PhilHealth has said that only employee information was stolen, and that the attack did not affect the government health insurer’s member database.

However, undersecretary Jeffrey Dy of the DICT also said that while the PhilHealth member database remained “intact,” some employee workstations and servers hit by the Medusa ransomware attack may have also contained information on members.

PhilHealth said in a “clarificatory” statement that files “stored locally in the hard drive of the infected workstations may have been compromised.” It added, “An inventory is being conducted in order to determine the extent of information which may have been exfiltrated from these workstations.” 

The statement does not yet establish that there is no member data on these workstations, which possibly led PH-CERT and NADPOP to assume the worst in their statements.

PH-CERT urged the agencies to “better prepare PhilHealth members for the worst case scenario so they will not be caught off-guard and suffer potential financial loss or be a victim of identity theft.”

“We urgently request the DICT and NPC that even if only a fraction of the extent of the breach has been revealed by the threat actors, they can already guide consumers, and institutions that use PhilHealth information on what to do in case their personal information was compromised by the breach,” NADPOP said.

SIM swapping danger

Data ethics advocate and founder of Data Ethics Philippines, Dominic Ligot, warned about incidents of SIM swapping. When someone has your phone number, ID, and other details such as address and date of birth, they can potentially succeed in applying for a SIM replacement with a telco.

This effectively means that they have taken control of your number, which is used, among other things, for receiving one-time PINs for access to various apps like social media and email, thus breaking the final security layer for most users.

“Your first defense is to remove any associated number and email that is known by PhilHealth with any other of your personal identities – social media, e-commerce, and online banking are the notable ones,” Ligot said. 

With the possibility of SIM swapping, reassigning two-factor authentication to a new number may offer extra protection. 

Most users use just one email and phone number combination for all of their apps, work tools, and other services. Ligot said that while it seems like a hassle, the PhilHealth incident again underscores why there is value in “firewalling” separate identities via separate email and phone combinations as opposed to one number-and-email combination – a master key for all – being used for everything.

He also advised consumers to review RA 10173 (the Data Privacy Act) and RA 10175 (the Cybercrime Prevention Act) for possible legal redress, and compensation for damages. 

Cybersecurity firm Kaspersky advised telling the people in your life that you’re a potential victim of identity theft, and being wary of other people pretending to be you for scams. One should also monitor online accounts for suspicious activity.

Passwords on all your accounts should also be changed, as your password could have been included in other breaches, which could then be paired with what leaked in the PhilHealth hack.

PhilHealth also said it is working to notify affected individuals, and that if one isn’t notified, they likely aren’t part of the breach. The corporation recommended that members should monitor credit reports for unauthorized activity, and be wary of phishing emails and smishing texts.


Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.