State health insurer ordered to report on ransomware attack

Onsite investigation to also be conducted

State health insurer ordered to report on ransomware attack


By Kenneth Araullo

The National Privacy Commission (NPC) of the Philippines has mandated that the Philippine Health Insurance Corporation (PhilHealth) provide a detailed account regarding the recent cyberattack on its system.

In an official statement, the NPC stated that PhilHealth had informed them about the alleged ransomware attack on Sept. 25.

“The complaints and investigation division of the NPC has taken action to address this incident. We issued a notice to explain to PhilHealth, seeking comprehensive information regarding the nature and extent of the data breach,” the NPC said in a Philippine Star report.

The NPC also summoned PhilHealth to a hearing that was scheduled for Sept. 26. The commission also informed that these notices would be succeeded by a notice of an onsite investigation on Sept. 28.

“These actions have been initiated to evaluate the impact of the alleged data breach and to assess the mitigation efforts undertaken by PhilHealth, with a primary focus on protecting the interests of the affected beneficiaries and contributors,” the NPC said. “In strict adherence to NPC Circular No. 2016-03, we expect PhilHealth to provide a complete report within the next two days.”

The NPC said that the report should encompass a thorough description of the breach, outlining specifics concerning potentially compromised personal data, and outlining the measures taken to manage and address the situation.

What are your thoughts on this story? Please feel free to share your comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!