Metro Manila (CNN Philippines, October 13) — The National Privacy Commission (NPC) has launched an online portal where members of state insurer Philippine Health Insurance Corporation (PhilHealth) can check if their data was among those recently stolen and leaked by hackers.
The search tool was launched Friday as the NPC tries to mitigate the cyberattack that targeted the personal data of likely millions of PhilHealth members at risk to be exploited by criminals.
The public can access the “Na-leak ba ang PhilHealth Data ko?” portal at https://philhealthleak.privacy.gov.ph.
Hackers have reportedly uploaded on the dark web and messaging app Telegram around 700 gigabytes of stolen information on Oct. 5, according to the Department of Information and Communications Technology (DICT).
As of Friday, the NPC said on the webpage that at least 1 million PhilHealth identification numbers of senior citizens are \”confirmed to be part of the leaked database.\”
The portal will be regularly updated, it added.
The privacy watchdog also said the portal is only limited to information stolen by the Medusa Ransomware group and \”does not encompass the entire leaked PhilHealth database or data from other personal data breaches.\”
\”Therefore, a negative result from this search does not guarantee the security of your personal data in other contexts or databases,\” it warned, adding the search tool may produce \”inconclusive results.\”
In an interview with CNN Philippines’ The Exchange on Friday, NPC Complaints and Investigation Division Chief Michael Santos said the commission is looking into a possible creation of a website to update Filipinos if they are affected with incidents of data breach.
Hoping this would be the last?
The Philippines Statistics Authority and the Department of Science and Technology also reported incidents of data breach. DICT Secretary Ivan Uy earlier said more government agencies were hit by a data breach, but some are not reporting it due to issues that might be uncovered.
Santos says he “hope[s] there’s no more data breach,” adding that the commission has sounded the alarm repeatedly for the public and private sector to implement needed measures.
\”I hope this would be the last, and key officials would take lessons to beef up cybersecurity in their systems,\” Santos told The Exchange.
He said more funds could increase the NPC’s capability to educate and guide other government bodies and the public to better protect personal information.
But Steven Scheurmann, Regional Vice President for ASEAN at the Palo Alto Networks warned there might be more hacks, ransomware, and phishing scams coming, as the cybersecurity company sees an increasing trend of cyberattacks across Asia.
\”Hope is not a strategy,\” he stressed in a separate interview at The Exchange. \”A government department can have a budget, but if you buy the wrong tool sets it’s still inefficient…but if you don’t have the skills, then you also have a problem.\”
