ADVERTISEMENT
970x220
.navbar-nav.header-menu { width: 100%; justify-content: center; } .tab-menu-outers .nav-item{ width: unset; } .tab-bar-social.mt-5 { margin-top: 0 !important; } .second-header-menu { margin-top: 27px; padding: 12px 0; border-top: 1px solid #C3C1AE; border-bottom: 1px solid #C3C1AE; } .third-header-menu{ padding: 12px 0; } .bottom-header-menu { margin-right: 25px; text-decoration: none; font-family: "Canicule Display v0.3 Trial" , serif; font-weight: 500; font-size: 15px; line-height: 16px; color: black; } .bottom-header-menu:hover { color: #0A58CA !important; } header .time-date-section { display: flex; align-items: end; } header .mb-header-center .align-items-center .col-3 , header .mb-header-center .align-items-center .col-6, header .top-header-container .col-md-6{ z-index: 100; } header .desktop-menu-bar li:hover a{ background: transparent; color: #2E3192 !important; } @media(max-width: 767px) { header.header.mb-header{ display:none; } .second-header-menu .justify-content-center{ justify-content: start !important; } .second-header-menu ul , .third-header-menu ul{ display: grid; grid-template-columns: 1fr 1fr; width: 100%; } }

Cybersecurity failures plague PhilHealth once more

Recent leak reveals continuing struggle to safeguard data

Published Jan 15, 2024 06:01 am

At A Glance

  • Immediately after we got the information on the latest data leak, MB Technews reported the issue to the National Computer Emergency Response Team (NCERT) through the office of the Cybersecurity Bureau of the Department of Information and Communications Technology (DICT), led by Undersecretary Jeffrey Dy. NCERT promptly informed PhilHealth about the problem, which led to an immediate resolution of the incident.
  • PhilHealth has been facing significant criticism due to data breaches. These incidents have compromised the personal information of millions of its members, raising serious concerns about the organization's cybersecurity measures.
  • The organization experienced a severe cyberattack in September 2023, carried out by the Medusa Ransomware Group. This has been the biggest government data breach in the Philippines since the 2016 "Comeleak" incident. The attack involved a ransom demand of $300,000 and unauthorized access to sensitive data such as member account details, internal memos, and employee information. The discovery of this data being circulated online further exacerbated the situation.
  • In response to the breach, the National Privacy Commission (NPC) introduced an online portal for PhilHealth members to check if their data was compromised. However, this measure has been criticized for being more reactive than preventive. 
  • These incidents underscore the urgent need for PhilHealth to revamp its cybersecurity strategy. Given the sensitive nature of the data handled, the organization must implement strict security protocols, conduct comprehensive system assessments, and provide continuous training for its staff. 

The Philippine Health Insurance Corporation (PhilHealth) is currently grappling with criticism due to recurring data breaches, compromising the personal information of millions of its members and raising substantial concerns regarding its cybersecurity protocols.

 

philhealth dataleak.jpg
A screenshot of some of the details that were exposed in the latest cybersecurity issue involving Philhealth.

In September 2023, the organization experienced a severe cyberattack perpetrated by the Medusa Ransomware Group, the biggest government data breach since the 2016 "Comeleak" incident. This attack involved a ransom demand of $300,000 and unauthorized access to sensitive data, including member account details, internal memos, and employee information. The discovery of this stolen data circulating online further intensified the crisis.

In an effort to address the breach, the National Privacy Commission (NPC) introduced an online portal to assist PhilHealth members in checking whether their data was compromised. However, this response has been criticized as being reactive rather than preventive. Adding to the organization's woes, a new data leak was recently uncovered, revealing further vulnerabilities in PhilHealth's online systems. This alarming situation came to light when a user was presented with the details of another woman while checking her contributions. Upon refreshing the page, the details of a male account holder were displayed, an indication of unauthorized data exposure.

After we got the information about this latest incident, MB Technews immediately reported the issue to the National Computer Emergency Response Team (NCERT) through the office of the Cybersecurity Bureau of the Department of Information and Communications Technology (DICT), led by Undersecretary Jeffrey Dy. NCERT promptly informed PhilHealth about the problem, which led to an immediate resolution of the issue.

These incidents highlight the critical need for PhilHealth to overhaul its cybersecurity strategy, particularly given the sensitive nature of the data it handles. The organization must implement stringent security protocols, conduct thorough assessments of its existing systems to identify and rectify vulnerabilities and provide continuous training and awareness programs for its personnel.

PhilHealth's ability to regain public trust hinges on its effective response to these incidents and commitment to prioritizing cybersecurity to protect the sensitive information of Filipinos.

ADVERTISEMENT
300x250
.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1561_widget.title }}

.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1562_widget.title }}

.most-popular .layout-ratio{ padding-bottom: 79.13%; } @media (min-width: 768px) and (max-width: 1024px) { .widget-title { font-size: 15px !important; } }

{{ articles_filter_1563_widget.title }}

{{ articles_filter_1564_widget.title }}

.mb-article-details { position: relative; } .mb-article-details .article-body-preview, .mb-article-details .article-body-summary{ font-size: 17px; line-height: 30px; font-family: "Libre Caslon Text", serif; color: #000; } .mb-article-details .article-body-preview iframe , .mb-article-details .article-body-summary iframe{ width: 100%; margin: auto; } .read-more-background { background: linear-gradient(180deg, color(display-p3 1.000 1.000 1.000 / 0) 13.75%, color(display-p3 1.000 1.000 1.000 / 0.8) 30.79%, color(display-p3 1.000 1.000 1.000) 72.5%); position: absolute; height: 200px; width: 100%; bottom: 0; display: flex; justify-content: center; align-items: center; padding: 0 72px 0 12px; } .read-more-background a{ color: #000; } .read-more-btn { padding: 17px 45px; font-family: Inter; font-weight: 700; font-size: 18px; line-height: 16px; text-align: center; vertical-align: middle; border: 1px solid black; background-color: white; } .hidden { display: none; }
function showArticleBody(button) { const article = button.closest("article"); const summary = article.querySelector(".article-body-summary"); const body = article.querySelector(".article-body-preview"); const readMoreSection = article.querySelector(".read-more-background"); // Hide summary and read-more section summary.style.display = "none"; readMoreSection.style.display = "none"; // Show the full article body body.classList.remove("hidden"); } document.addEventListener("DOMContentLoaded", () => { let loadCount = 0; // Track how many times articles are loaded const offset = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; // The two offset values // changed to 10 from 1 , 2 const currentUrl = window.location.pathname.substring(1); let isLoading = false; // Prevent multiple calls if (!currentUrl) { console.log("Current URL is invalid."); return; } function isNearBottom() { return window.innerHeight + window.scrollY >= document.documentElement.scrollHeight - 100; } function onScroll() { if (isLoading) return; // Skip if already loading if (isNearBottom()) { if (loadCount >= offset.length) { console.log("Maximum load attempts reached."); window.removeEventListener("scroll", onScroll); return; } isLoading = true; // Set flag to prevent multiple calls const currentOffset = offset[loadCount]; window.loadMoreItems().then(() => { loadCount++; // Increment only after successful execution }).catch(error => { console.error("Error loading more items:", error); }).finally(() => { isLoading = false; // Reset flag after execution }); } } window.addEventListener("scroll", onScroll); }); // Mutation Observer for Newly Loaded Articles const observer = new MutationObserver(() => { const articles = document.querySelectorAll(".articles-observe"); if (articles.length > 0) { observeArticles(articles); } }); observer.observe(document.body, { childList: true, subtree: true }); // Intersection Observer for Updating URL function observeArticles(articles) { const intersectionObserver = new IntersectionObserver( (entries) => { entries.forEach((entry) => { if (entry.isIntersecting) { const newUrl = entry.target.getAttribute("data-url"); if (newUrl) { history.pushState(null, null, newUrl); } } }); }, { threshold: 0.1 } ); articles.forEach(article => intersectionObserver.observe(article)); }
.col-md-12.noPadding.col-xs-12:has(.mb-header-bottom) {padding: 0;} .bottom-footer {color: #fff;background-color: #2E3192;padding: 8px 0;} .bottom-footer .bottom-footer-menu {font-family: Inter;font-weight: 400;font-size: 12px;line-height: 16px;padding: 0px 10px !important;color: #fff !important;text-decoration: none; } .bottom-footer .container {display: flex;justify-content: space-between;align-items: center; } .bottom-footer p{font-family: "Inter";font-weight: 400;font-size: 12px;line-height: 16px;margin-bottom: 0;} .subscribe-button{position: absolute;bottom: 15%;right: 11%;} .subscribe-container {position: fixed;display: flex;align-items: center;background-color: white;height: 50px;border-radius: 50px;box-shadow: 1px 3px 8px 3px rgba(0, 0, 0, 0.2);width: 50px;overflow: hidden;transition: width 0.3s ease-in-out;text-decoration: none;white-space: nowrap; } .subscribe-icon {background-color: #2E3192;color: white;border-radius: 50%;width: 50px;height: 50px;display: flex;align-items: center;justify-content: center;font-size: 18px;flex-shrink: 0;transition: border-radius 0.3s ease-in-out; } .subscribe-text {font-size: 18px;font-weight: bold;color: black;margin-left: 0;margin-right: 0;width: 0;visibility: hidden;opacity: 0;transition: opacity 0.3s ease, width 0.3s ease;} .subscribe-container:hover {cursor: pointer;width: 170px;} .subscribe-container:hover .subscribe-icon {border-bottom-right-radius: 0;border-top-right-radius: 0;} .subscribe-container:hover .subscribe-text {visibility: visible;opacity: 1;margin-left: 10px;margin-right: 10px;width: auto;} h6.footer-heading{ font-weight: 700; } #bottom-footer ul li { display: flex; align-items: center; } @media screen and (min-width: 767px) and (max-width: 991px) { .bottom-footer p, .bottom-footer .bottom-footer-menu{ font-size: 9px; } } @media(max-width: 767px) { .bottom-footer .container {display: block;} .bottom-footer .container .justify-content-center{margin-top: 20px !important;} .bottom-footer .container .justify-content-center .list-group{ width: 100%; display: grid; row-gap: 10px; grid-template-columns: 1fr 1fr 1fr; justify-content: unset; } .bottom-footer p{font-size: 10px;} .subscribe-container { width: 50px !important; overflow: hidden;} .subscribe-container:hover { width: 50px !important;} .subscribe-container .subscribe-text {display: none !important;} .subscribe-button{right: 15%;bottom:7%;} } .mb-header-bottom .header-menu:hover { color: #2E3192 !important; } @media(max-width: 400px) { .bottom-footer .container .justify-content-center .list-group{ grid-template-columns: 1fr 1fr; } }

Sign up by email to receive news.