
“THE Philhealth hacking should serve as a wake up call for government agencies to be extra vigilant in protecting the data of their members,” said House Deputy Minority leader and ACT Teachers party-list Rep. France Castro
As the National Privacy Commission (NPC) said it found a “staggering” amount of files equivalent to more than 730 gigabytes (GB) of data that had been leaked from the Philippine Health Insurance Corp. (PhilHealth).
The NPC said it had completed an initial analysis of 650 GB worth of compressed files from the data dump claimed by Medusa, a clandestine group that admitted hacking into PhilHealth computers and held the information it stole for a $300,000 (about P17 million) ransom.
“Upon extraction, these files revealed a staggering 734 GB worth of data, including personal and sensitive personal information,” the NPC said in a statement.
According to news reports, a two-page PhilHealth membership registration form holds about 700 kilobytes of data, meaning that if these were the files that had been leaked, it would be roughly equivalent to over 1 million pages.
“This is really shocking considering that millions of PhilHealth members data are in there. Now imagine if these hackers target the database of the SIM registration as well as that of the national ID system, majority of Filipinos private data would be compromised,” said the teacher solon.
“The Department of Information and Communication Technology (DICT) at the very least should devise guidelines or minimum requirements for cyberdefense for all government agency and repositories of data. It is almost laughable if it is not so dangerous that Philhealth even sent out the alert that it was hacked through free email which is both unofficial and more prone to hacking,” she added.
“The DICT should build unhackable systems or at the very least the best cyberdefense available so that we would not be a favorite target of hackers and if it cannot be done then the government should stop collecting sensitive data from Filipinos that can be exploited by unscrupulous groups and individuals,” said the Deputy Minority leader.
“Dito sana mapunta ang pondo ng DICT at wag na sa confidential fund na wala naman din sa kanilang mandato,” ended Rep. Castro.