THE ONGOING investigation into the Sept. 22 ransomware attack on Philippine Health Insurance Corp. (PhilHealth) is also looking into possible negligence and concealment on the part of the state-run insurance firm, the National Privacy Commission (NPC) revealed on Wednesday.

“As for PhilHealth’s liability, we are currently assessing whether negligence was involved on their part before making any definitive statements,” the NPC said. “We are also looking if there is concealment and possible imposition of administrative fines, pending the outcomes of our investigation.”

The NPC statement comes after hackers began exposing personal data that include employee records, pictures, payroll and hospital bills — the relevance of which probers are still assessing.

Senator Mary Grace Poe-Llamanzares, chairperson of the Senate Committees on Economic Affairs and Public Services, said that any cyberattack is unacceptable and that following the PhilHealth incident, it should be guaranteed “that members’ records are not compromised.”

“As keepers of vital information of the people, the government must institute the most secure firewall against cybercrime,” the senator said.

She also called on the Department of Information and Communications Technology and concerned agencies to conduct regular checks on the integrity of their security systems to ensure protection against hackers.

Under the NPC’s Circular No. 2022-01, administrative fines apply to all personal information controllers and personal information processors, whether government or private.

“The specific amount of the penalty will be determined based on the outcome of the investigation,” NPC said. — Justine Irish D. Tabile