After hackers recently leaked a whopping 730 gigabytes of data stolen from the files of the Philippine Health Insurance Corp. (PhilHealth), after it refused to pay a ransom of $300,000 for the stolen information, Filipino legislators have suddenly been calling on state agencies and private entities to fortify their computer systems against cyberattacks.
Lawmakers have called the incident a “wake up call” for all public agencies to be extra vigilant in protecting the data of its citizens.
“It is high time that we take the necessary steps to protect our critical information infrastructure by ensuring, at the minimum, compliance with international standards and globally accepted best practices for cybersecurity,” said Senator Sherwin Gatchalian in a statement.
Based on the findings of the National Privacy Commission, the data leaked by Medusa, a clandestine group that admitted hacking into PhilHealth computers, included the personal information of possibly hundreds of thousands of the state insurer’s beneficiaries.
House Deputy Minority Leader and ACT Teachers Rep. France Castro, also warned of possible hacking attacks on other targets should government fail to take extra steps to place adequate safeguards.
“No imagine if these hackers target the database of the SIM registration, as well as that of the National ID system, the majority of Filipino’s private data would be compromised,” Castro said as she called on the Department of Information and Communications Technology to come up with guidelines of minimum requirements for the cyberdefense of all government agencies and data repositories.
If the government cannot do that, it should stop collecting sensitive data from Filipinos that can be exploited by unscrupulous groups and individuals, she added.
That may be too late now, after most Filipinos have been forced to comply with laws and measures requiring the registration of sensitive personal information, which aside from what we have given to PhilHealth that has been breached and exposed, include the recent SIM registration and the National ID System.
On the other hand, all PhilHealth can do is ask its members to take “precautionary measures” against all sorts of online scams that could result from its data breach. It passed the responsibility to its members, recommending the changing of passwords for online accounts, enabling multifactor authentication, not interacting with suspicious emails, text messages and calls.
This latest data breach demonstrates to Filipinos just how vulnerable poorly protected computer systems can be, and how that description probably fits a lot of government and private databases that are supposedly the stewards of the information they have been gathering from us, promising confidentiality and security that is seemingly nonexistent.
Since our data has already been surrendered and gathered by the government that required it, would it be too much to ask that they protect it with their lives, instead of leaving us to fend for ourselves every time laughable cyberdefenses fail spectacularly?*
