Connect with us

Hi, what are you looking for?

HEADLINES

DICT, NPC urged to prepare Filipino consumers, institutions on impact of PhilHealth data breach

NADPOP and PH-CERT offered to provide a third-party perspective and assist PhilHealth in its current breach investigation with the DICT and NPC. 

Two advocacy groups on data privacy urge the Department of Information and Communications Technology (DICT) and the National Privacy Commission (NPC) to warn and prepare Filipino consumers, and institutions that have received PhilHealth member information to deliver their services, on the potential impact of the PhilHealth data breach through a Medusa malware attack discovered last September 22. 

“Compared to the Comelec data breach in 2016, the potential impact of this incident is even bigger as all working Filipinos are mandatorily enrolled, and need to pay monthly contributions. We urgently request the DICT and NPC that even if only a fraction of the extent of the breach has been revealed by the threat actors, they can already guide consumers, and institutions that use PhilHealth information on what to do in case their personal information was compromised by the breach,” said Sam Jacoba, President of the National Association of Data Protection Officers of the Philippines (NADPOP), the Philippines’ first advocacy group of Data Protection Officers. 

Lito Averia, President of the Philippine Computer Emergency Response Team (PH-CERT), a volunteer organization that assists individuals and institutions on information security issues, agree that the regulators should already anticipate the worst case scenario as it is better to warn Filipino consumers as soon as possible as the threat actors can already exploit the illegally accessed personal information.  

“PhilHealth, with the help of the DICT, is releasing information on the breach bit by bit. This is actually understandable as the discovery process for external security incidents is complicated, but they can already assume that a significant number of member data was compromised based on their recent statement,” Averia said. “Thus, better prepare PhilHealth members for the worst case scenario so they will not be caught off-guard and suffer potential financial loss or be a victim of identity theft.” 

Advertisement. Scroll to continue reading.

NADPOP and PH-CERT also offered to provide a third-party perspective and assist PhilHealth in its current breach investigation with the DICT and NPC. 

“If PhilHealth needs unbiased third-party support, we have volunteers who are ready to assist in digital forensics and in the data breach management needs of the agency,” Jacoba and Averia jointly offered. “We are extending our support to PhilHealth and its impacted employees and members during this time as we know the value of all of us helping each other during these times. It takes a community to protect personal information.” 

NADPOP and PH-CERT just concluded CyberSecConPH last September 19 attended by more than 100 cybersecurity professionals, which kickstarted the formation of a Cybersecurity Community of Practice in the Philippines that will connect with the ASEAN-Japan Cybersecurity Community this week in Tokyo. On October 25 to 27, in support of Cybersecurity Month, the two groups will host an online conference on Governance, Risk and Compliance (GRC) that will elevate the knowledge and skills of Data Protection Officers (DPOs) and Cybersecurity Professionals in fighting against internal and external threat actors. The conference is by-invitation only and exclusive to active NADPOP and PH-CERT community volunteers, members and partners. 

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement