September 27, 2023. MAKATI, Philippines. In the aftermath of the recent cyberattack on the state-run Philippine Health Insurance Corporation (PhilHealth), Senator Mark Villar has called for increased accountability and security measures to safeguard public health information. He described the attack as a severe “attack on public health.”
Senator Villar has filed Resolution No. 811, calling for an official investigation into the Medusa ransomware attack on the PhilHealth system, along with other cyberattacks targeting government websites. He urged the government to bolster its efforts to protect the digital landscape.
In a statement, Villar emphasized the need for robust cybersecurity measures, especially for government agencies entrusted with sensitive data. He also expressed concern about the safety of digital assets given the significant funds allocated to PhilHealth for IT projects.
Policy think tank Infrawatch PH echoed these concerns, calling for accountability and transparency in light of the cyberattack. Infrawatch PH Convenor Terry Ridon questioned the integrity of PhilHealth’s cybersecurity measures, citing alleged overpriced IT projects previously flagged by the Commission on Audit.
“It’s disconcerting that despite a budget of Php100.2 billion for 2023, the highest among Government-Owned and Controlled Corporations (GOCCs), PhilHealth has failed to secure its database. Heads should roll. Why is there no adequate system in place to combat this mess?” Infrawatch PH Convenor Terry Ridon said in a statement on Monday.
Ridon cited the agency’s alleged overpriced IT projects, which were also questioned earlier by the Commission on Audit.
“The irregularities in the IT project, including overpricing by P98 million, raise questions about the integrity of PhilHealth’s cybersecurity measures. It’s not just about the money but about the trust of most Filipinos with PhilHealth coverage,” Rigon said.
Ridon emphasized that the breach erodes public trust and called for those responsible to be held accountable. He stressed the importance of a transparent investigation into the cyberattack, as it impacts the digital footprint of countless Filipinos.
The Medusa ransomware group, which targeted PhilHealth, demanded a ransom of USD $ 300,000 from the government and threatened to expose the compromised data online. Despite their understanding of the culprits’ operations, authorities have been unable to file charges against them at this time.
The National Privacy Commission (NPC) has ordered PhilHealth to provide a comprehensive explanation of the alleged ransomware attack. The NPC, dedicated to safeguarding citizens’ privacy and data security, has initiated actions to assess the impact of the breach and evaluate PhilHealth’s mitigation efforts. The agency has requested a detailed report from PhilHealth within the next two days, including information on compromised personal data and measures taken to address the situation.
The cyberattack on PhilHealth has raised significant concerns about the protection of sensitive health information and the urgency of cybersecurity enhancements in government agencies. Investigations are ongoing to determine the extent of the data breach and to hold those responsible accountable.