The National Privacy Commission (NPC) has taken swift action following the cyberattack on the Philippine Health Insurance Corporation (PhilHealth), warning that officials may face legal consequences due to possible negligence.
An initial investigation conducted by the NPC Complaints and Investigation Division revealed that the data leak compromised a massive 734GB of personal and sensitive information.
In response to these alarming findings, the NPC has initiated an independent investigation to uncover the full extent of the breach, identify the responsible officials, and recommend legal prosecution to the fullest extent permitted by law, according to a statement issued by the commission.
The breach began when hackers exposed certain PhilHealth data, including personal employee details, on the dark web after the government refused to pay a ransom of $300,000 (approximately ₱17 million).
Moreover, the commission highlighted that PhilHealth could be held accountable for the incident as it appears that the data breach may have occurred due to the use of expired antivirus software.
Additionally, the NPC cautioned the public that unauthorized processing, downloading, or sharing of the exfiltrated PhilHealth data will be treated as a serious offense. Individuals found engaging in these activities may face criminal charges for the unauthorized handling of personal information.
The NPC’s actions underscore the importance of safeguarding personal data and holding those responsible for data breaches accountable for their actions.
Source: PhilNews24 | October 9, 2023
