PhilHealth hack potentially exposes 42 million people

PhilHealth hack potentially exposes 42 million people | Insurance Business Asia

Cyber

PhilHealth hack potentially exposes 42 million people

House committee demands answers

Cyber

By
Roxanne Libatique

The House appropriations committee has requested the Philippine Health Insurance Corporation (PhilHealth) to provide a detailed report on the data breach incident from September last year, which exposed the personal information of 42 million people.

During a hearing on July 8, the National Privacy Commission (NPC) revealed that the breach impacted records of senior citizens, rebel returnees, and indigent Filipinos.

“There were 181 million records that were dumped [by the hackers], and we have downloaded them but there were duplicate records… as of now we’re cleaning 42 million records,” she said, as reported by Rappler.

PhilHealth data breach

The breach occurred on Sept. 22, 2023, when PhilHealth’s workstations were compromised.

Stolen data from PhilHealth has appeared on the dark web after the government declined to meet ransom demands made by hackers.

Preliminary investigations have shown that the leaked information includes identification cards of PhilHealth employees, such as Government Service Insurance System (GSIS) IDs.

Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy reported finding copies of employee payrolls, regional office memos, directives, working files, and hospital bills on the dark web.

“In terms of PII (personal identifiable information), we saw some IDs, pictures, which we cannot ascertain at the moment if they are PhilHealth employees, or members,” he said.

The DICT previously reported that cybercriminals had demanded US$300,000 (approximately PHP17 million) for decryption keys and to prevent further dissemination of the stolen data.

Both the DICT and PhilHealth have said that the main members’ database, which contains sensitive information such as claims, contributions, and accreditation details, was not part of the affected servers targeted by the Medusa ransomware attack.

However, authorities have clarified that this does not guarantee that hackers did not access members’ information, as some of the same details might have been on other compromised servers.