In light of the recent cyberattacks targeting PhilHealth and resulting in a significant data breach, the National Privacy Commission (NPC) issues a ‘stern warning’ against attempting to download the massive, compromised data.
In a statement released today, the NPC says, “Any individual or organization found to process, download, or share the exfiltrated data from PhilHealth will be held accountable for unauthorized processing of personal information and may face criminal charges.”
As engaging in such actions is a potential ground for violation of the Data Privacy Act of 2012. “The NPC stands firm in its resolve to combat any actions that contravene the Data Privacy Act of 2012, whether within government or private institutions,” the agency adds.
“We pledge unwavering dedication to enforcing the necessary measures and will be relentless in holding those responsible fully accountable.”
The agency has also discussed its initial findings. Its Complaints and Investigation Division completed its initial analysis of a 650GB compressed data dump attributed to the notorious Medusa group.
Upon extraction, the decrypted files revealed a staggering 734GB of data, comprising personal and highly sensitive information.
In response to these alarming findings, the NPC says it has taken immediate action by launching an independent investigation to ascertain the full extent of the breach, identify the individuals responsible, and recommend legal prosecution to the fullest extent permissible by law.
In a recent media interview, PhilHealth implicitly acknowledged a degree of negligence on its end, as one of their officials mentioned the expiration of antivirus software as a potential vulnerability that might have facilitated the breach.
The NPC asserts it will thoroughly investigate the potential negligence of PhilHealth officials and examine if any efforts were made to conceal highly confidential information, leaving “no stone unturned.”
0 Comments
Leave a Reply