On October 3rd, stolen PhilHealth data began leaking in the dark web, and two days after, the information was disseminated further through the messaging app, Telegram.
What Kind of Information Leaked?
With 730 gigabytes of information even when the Department of Information and Communications Technology’s (DICT) cybersecurity division was only 90% done with analyzing the data, over one million Philhealth membership registration forms have been breached.
Labeled as the “Medusa ransomware attack”, it is reported that so much private information has been stolen, including PhilHealth members’ information, along with their receipts signifying their PhilHealth contribution. In these receipts, the 12-digit PhilHealth Identification Number (PIN) of the member can also be accessed.
Other Recent Breaches of Data
Since the 2016 Comelec hacking which resulted in the breach of private information of an estimated 55 million registered voters, the Medusa ransomware attack has been the biggest. However, there have been multiple incidents of breaches of data in the country as of recent.
Back in April, records leaked from the National Bureau of Investigation, Special Action Force, Bureau of Internal Revenue, and the Philippine National Police. The Department of Information and Communications Technology stressed that this is something the state ought to take action about because of the increasing instances of data breach in the country, not only affecting individuals, but national government agencies at large.
Information Secretary Ivan Uy has expressed his grievances over their limits in the check and balance of national government agencies because of the budget cut imposed on the country’s cybersecurity. According to him, the budget for the next year is a stark contrast to 2022 which was P1 billion.
Rejection of Confidential Funds Requested by the DICT
The Department of Information and Communications Technology has requested a P300 million confidential fund for the sector in 2024, to which House Deputy Minority Leader and ACT Teachers Rep. France Castro declined. According to Castro, what we need are more auditable funds in order to hire more equipment for cyberspace protection.
Castro mentioned that at a time like this, fixing the fact that the Philippine cyberspace is unmanned is far more effective than to be more untransparent. Previously, in 2019 and 2020, DICT was granted a confidential fund of P400 million and P800 million respectively.