PhilHealth advises precaution after data theft, leakage

MANILA, Philippines — The Philippine Health Insurance Corporation (PhilHealth) called on the public to take precautionary measures against potential fraudulent activities following a ransomware attack last month. 

In a statement Sunday, PhilHealth said that hackers have reportedly started circulating illegally obtained data from the workstations of its employees. 

The state health insurer advised its members to change the passwords of their online accounts, enable multi-factor authentication, and avoid responding to suspicious calls and text messages.

“Using the stolen data, the hackers will likely target members through calls, emails or text messages. Let us then heed the advice of authorities to refrain from clicking doubtful links or providing passwords or OTPs,” PhilHealth chief Emmanuel Ledesma, Jr. said.

PhilHealth earlier said that the ransomware attack did not affect the servers containing the private information of members. Only application servers and employees’ workstations were impacted.

The insurer also appealed to the public to refrain from circulating leaked data. Hackers may face up to 20 years of imprisonment, while individuals or organizations found downloading, processing or sharing the stolen data may also face criminal charges for unauthorized processing of personal information. 

The National Privacy Commission earlier said it was investigating the potential negligence of PhilHealth. The agency said it is ready to face any inquiry. — Gaea Katreena Cabico