September 30, 2023
by Marinel Condino
The Philippine Health Insurance Corporation (PHIC) has been discovering since September 22, hackers who have been stealing the personal data of potential millions of people from the Philippine national health insurer which urges them to release an article about the staggering cyberattack as a precaution for all the members to take actions on their accounts through changing passwords and strengthen its security system. Currently, the hackers have been starting to release files including confidential memos from the stolen data. They also uploaded some of the stolen files to the dark web by showing health memos that they used to threaten and pressure the government to their benefit. As per the corresponding action, the PhilHealth members were suggested to monitor their credit card transactions and change passwords especially for financial services to ensure the security of their personal files, documents, and information.
The Philippine government suspects the Medusa group as the attackers who have once demanded $300,000 to restore access to PhilHealth computers and delete the stolen data. Hence, according to the US government report, in the year 2019 during the COVID-19 pandemic, they first detected the Medusa Locker which has been used to mainly target healthcare organizations and its creators took particular advantage of the emergencies. Despite these speculations, the Philippine government still doubted whether the Medusa group was responsible for the purchase of Medusalocker.
Regarding this concern, an Asian International School of Aeronautics and Technology instructor of the Institute of Design and Technology, Mr. Albert Bije, believes that:
“Certain government branches in the Philippines face challenges in data security, including the risk of hackers attempting to breach these facilities, seizing opportunities to infiltrate systems and gather sensitive information for ransom, as seen in the PhilHealth incident. This underscores the need for enhanced security measures and maintenance in ICT infrastructure across government servers to prevent data breaches.”
Moreover, Mr. Bije answered the virtual interview about the issue circulating in line with the information breachers and what it means for IDT graduates, he believes that as for IDT graduates, since they focus on designs, one thing they need to do from this instance is to practice netiquette. The internet is an information highway and it is too risky to explore and expose our identity as an individual. Personal and sensitive information should be kept confidential and not to be disclosed publicly. That’s why we need to practice internet etiquette and be informed of the danger of using this kind of technology aside from the benefits we may get from it.
This cyberattack which was described as “staggered” triggered the National Privacy Commission to investigate this matter into a potential lapse and data loss violation by PhilHealth. The NPC released a statement that whoever downloads the information for at least 734 GB containing “sensitive personal data” could face criminal charges. Instances like this have significant implications, especially for IDT graduates. It highlights the growing demand for skilled professionals in cybersecurity, data protection, and information technology. Thus, IDT graduates can play a vital role in addressing cybersecurity challenges, developing secure systems, and implementing best practices to mitigate the risk of data breaches.