Metro Manila (CNN Philippines, October 18) — The state health insurer expects that the data of around 13 million to 20 million members could have been possibly compromised by the recent cyberattack on its database.
But Philippine Health Insurance Corporation (PhilHealth) data privacy officer Nerissa Santiago said the figure also includes duplicated names as they are still analyzing the data.
“Sa ngayon wala pa talaga kaming exact number (We still have no exact figures yet), as we are still analyzing the data we have just obtained,” she said in a press briefing Tuesday.
“For the members, ito po kung we are talking of the local workstation, we are expecting about 13 [million] – 20 million names po,\” Santiago continued. \”But ayun nga po, hindi pa namin masabi ang exact number.”
[Translation: For the members, if we are talking about the local workstation, we are expecting about 13 million to 20 million names. But we cannot give an exact number yet.]
The PhilHealth official noted that most of the exposed data are those of indirect contributors, which include senior citizens and indigents.
She added that that data of some 600 to 800 Philhealth employees were also possibly compromised by the hacking in September.
The personal data stolen by Medusa hackers from PhilHealth were released into the dark web early this month after the government failed to pay $300,000 (roughly ₱17 million) in ransom money.
PhilHealth has already collaborated with the Department of Information and Communications Technology, National Privacy Commission, and law enforcement agencies to help in taking down the data leaked online, said Santiago.
It is currently considering different ways to notify affected members who have compromised data, she added.
“Isa [One] would be notification through text if the [cellphone] number is available in our database,\” Santiago pointed out. \”Another would be email, notification through email. The last resort would be the most difficult one, which is individually mailing or visiting the person themselves.\”
The NPC earlier launched an online portal where members could check if their data was among those stolen or leaked by the hackers.
Meanwhile, PhilHealth is waiting for the delivery this week of its procured antivirus software.
