Privacy body calls meeting with PhilHealth to tackle cyberattack

enablePagination: false
maxItemsPerPage: 10
maxPaginationLinks: 10

Metro Manila (CNN Philippines, September 25) — The National Privacy Commission (NPC) ordered the Philippine Health Insurance Corporation (PhilHealth) to attend a hearing on Tuesday that will tackle the cyberattack on the systems of the state health insurer.

In a statement released Monday, the NPC said it wanted PhilHealth to provide “comprehensive information regarding the nature and extent of the data breach.”

The privacy body stressed it expects PhilHealth to provide within the next two days, or until September 27, a complete report containing the details on personal data that may have been compromised, as well as the containment measures it has implemented.

The NPC said the September 26 hearing will be followed by an onsite investigation on September 28.

“These actions have been initiated to evaluate the impact of the alleged data breach and to assess the mitigation efforts undertaken by PhilHealth, with a primary focus on protecting the interests of the affected beneficiaries and contributors,” it said.

The state health insurer earlier said the cyberattack only affected “some personal data of mostly PhilHealth employees, not of PhilHealth members.”

According to the Department of Information and Communications Technology (DICT), the hackers have asked for roughly ₱17 million to allow the government to decrypt the data that they seized.