The National Privacy Commission (NPC) is currently investigating the cyberattack that targeted state insurer PhilHealth last month.
The attack potentially exposed the personal data of PhilHealth members, leading to concerns about the accountability of the organization.
Atty. Michael Santos of the NPC confirmed that the investigation aims to determine if there was any negligence in the handling of personal information.
The outcome of the investigation will determine the charges to be filed against those responsible. Santos mentioned that if negligence is proven, administrative fines of up to P5 million could be imposed.
The NPC will assess whether appropriate technical, organizational, and physical security measures were in place to safeguard PhilHealth’s data processing system. Additionally, they will investigate any potential actions that could be considered as attempts to conceal the incident.
Source: PhilNews24 | October 4, 2023
