The National Privacy Commission (NPC) has initiated an investigation following the discovery of a massive data leak from the Philippine Health Insurance Corp. (PhilHealth), amounting to a staggering 730 gigabytes (GB) of data.
The NPC, expressing concern over the extensive data breach, has commenced an inquiry to identify the individuals responsible for the compromise of private information, potentially affecting hundreds of thousands of the state insurer’s beneficiaries.
The commission conducted an initial analysis of 650 GB of compressed files from the data dump, claimed by the clandestine group “Medusa,” which admitted to hacking into PhilHealth computers and demanding a $300,000 (approximately PHP17 million) ransom for the stolen information.
READ: Hackers of PhilHealth Demand $300,000 Ransom, Says DICT
To put the scale of the leak in perspective, a two-page PhilHealth membership registration form holds about 700 kilobytes of data. If these were the files leaked, the breach would equate to over 1 million pages of information.
Given the severity of the situation, the NPC has proactively launched an investigation to fully comprehend the breach’s extent, identify accountable individuals, and recommend legal prosecution to the maximum extent allowed by law.
The NPC emphasized the potential misuse of the stolen member data, particularly in the context of the growing use of artificial intelligence (AI). The stolen information poses a significant risk of exploitation by unscrupulous individuals.
How to Secure Data After PhilHealth Ransomware Attack
Stakeholders, including the Alliance of Concerned Consumers in the Philippines, expressed deep concern over the breach, emphasizing the vulnerability of individuals whose sensitive information has been compromised. They stressed the importance of holding PhilHealth officials accountable for the breach, advocating for appropriate consequences for this serious security lapse.
