Metro Manila (CNN Philippines, November 14) — The Department of Information and Communications Technology (DICT) on Tuesday confirmed that COVID-19 vaccination data from the Philippines has been uploaded to the dark web following a supposed cyberattack on the World Health Organization’s (WHO) database.
\”We can confirm that we monitored the data dump in several platforms in the dark web with regards to COVID-19 data,\” DICT spokesperson Assistant Secretary Aboy Paraiso told the media. \”The term we use is data dump, but you know, upload, yes.\”
Data dump refers to the transfer of large amounts of data between two systems, while the dark web is the hidden collective of internet sites that can only be accessed by a specialized web browser.
\”As far as what DICT has done or can do, it’s very limited.\” Paraiso said. \”We already notified yung mga respective organization, purportedly WHO, where the data breach happened. We cannot compel them, we just wait for their reply for verification.\”
The DICT has communicated to the WHO with regard to the reported breach but has yet to receive a response, he also said.
He added that the supposed breach affected not only the Philippines but also India.
Although the WHO has not yet confirmed the scope of the leaked data, Paraiso stated that it might be assumed to include any information provided for vaccination.
\”We cannot say for a certainty on what’s the extent, what kind of information but from all indications, it’s COVID-19 data, so we can deduce that whatever data that we submitted — names, addresses — can be the subject of that data breach and the extraction of it,\” the DICT official explained.
Health Secretary Ted Herbosa earlier said the Department of Health (DOH) received reports about a cyberattack on WHO’s systems, where the country’s COVID-19 vaccination data is housed.
\”In response, the DOH is currently in close coordination with WHO and the Department of Information and Communications Technology to ascertain the veracity of this report, as well as to determine the extent of any possible data breaches and the appropriate interventions, should there be any,\” Herbosa said.
Additional details will be made public as soon as they are available, according to the Health chief.
He further assured the public that safeguards for data privacy are in place and that efforts have been made to strengthen the security of DOH-managed data systems using various security solutions.
The DOH also urges the public to take precautions to secure their digital information in light of recent hacking events and data breaches.
Cyberattacks not isolated to PH
The supposed breach on the database of the WHO affected not only the Philippines but also India, according to the DICT.
\”To be fair, I think the DOH adapted certain measures to secure data we provided them,\” Paraiso told CNN Philippines’ News Night. \”It’s unfortunate that this happened [to] an international organization.\”
Paraiso argued that this just goes to show that cyberattacks is not isolated to the Philippines.
\”This highlights that hacking, inflitration, data extraction are not isolated to the Philippines,\” he said. \”It’s a worldwide phenomenon.\”
Last month, multiple government agencies reported hacking incidents in their systems, prompting a call for a Senate probe.
