MaharlikaNews | Canada Leading Online Filipino Newspaper Portal The No. 1 most engaged information website for Filipino – Canadian in Canada. MaharlikaNews.com received almost a quarter a million visitors in 2020.
The Philippine Health Insurance Corporation (PhilHealth) is currently grappling with criticism due to recurring data breaches, compromising the personal information of millions of its members and raising substantial concerns regarding its cybersecurity protocols.
In September 2023, the organization experienced a severe cyberattack perpetrated by the Medusa Ransomware Group, the biggest government data breach since the 2016 “Comeleak” incident. This attack involved a ransom demand of $300,000 and unauthorized access to sensitive data, including member account details, internal memos, and employee information. The discovery of this stolen data circulating online further intensified the crisis.
In an effort to address the breach, the National Privacy Commission (NPC) introduced an online portal to assist PhilHealth members in checking whether their data was compromised. However, this response has been criticized as being reactive rather than preventive. Adding to the organization’s woes, a new data leak was recently uncovered, revealing further vulnerabilities in PhilHealth’s online systems. This alarming situation came to light when a user was presented with the details of another woman while checking her contributions. Upon refreshing the page, the details of a male account holder were displayed, an indication of unauthorized data exposure.
After we got the information about this latest incident, MB Technews immediately reported the issue to the National Computer Emergency Response Team (NCERT) through the office of the Cybersecurity Bureau of the Department of Information and Communications Technology (DICT), led by Undersecretary Jeffrey Dy. NCERT promptly informed PhilHealth about the problem, which led to an immediate resolution of the issue.
These incidents highlight the critical need for PhilHealth to overhaul its cybersecurity strategy, particularly given the sensitive nature of the data it handles. The organization must implement stringent security protocols, conduct thorough assessments of its existing systems to identify and rectify vulnerabilities and provide continuous training and awareness programs for its personnel.
PhilHealth’s ability to regain public trust hinges on its effective response to these incidents and commitment to prioritizing cybersecurity to protect the sensitive information of Filipinos.
*****
Credit belongs to : www.mb.com.ph
