Philippine lawmakers are currently examining PhilHealth, the nation’s primary health insurance administrator, for its failure to notify millions of people of a major data breach. Last year’s ransomware incident exposed the personal health information of over 42 million people, but the affected individuals were not informed in a timely manner.
During a government hearing, Eli Dino Santos, the Executive Vice President of PhilHealth, admitted that the organization did not meet its legal duty to inform the victims. Legal advisors at the hearing stated that PhilHealth was supposed to notify the affected parties within three days, providing details about what data was taken, how the breach happened, the risks involved, and how those affected can safeguard themselves.
Representative Stella Quimbo has demanded an immediate progress report on the notification efforts and expects a detailed plan for victim notification by the end of the week.
PhilHealth, responsible for the healthcare coverage of the country’s 114 million people, faced significant disruptions in September 2023 due to the Medusa ransomware group’s attack. PhilHealth initially claimed that no personal or medical information was leaked.
However, by October 2023, it was confirmed that the data of 8.5 million senior citizens had been stolen. A portal set up by the government in April allows individuals to verify whether they were affected by the breach, which involved 430 gigabytes of data and impacted 42,089,693 people.
The Philippines has been dealing with a variety of cyber threats, from criminal activities to state-sponsored attacks. In February, the nation thwarted cyberattacks attributed to China, and there has been a reported increase in malicious cyber activities targeting the Philippines in the early months of 2024. Moreover, hacktivist groups have been using ransomware to conduct targeted attacks on the country’s critical infrastructure.
