THE PHILIPPINES is in dire need of bigger budget allocations for cybersecurity in order to boost protection of various government agencies against ransomware attacks, the advocacy group Digital Pinoys said on Thursday.

Digital Pinoys national campaigner Ronald B. Gustilo said Philippine digital sites are vulnerable to ransomware attacks, citing cybersecurity firm Palo Alto networks that cyberattacks in the country increased by 57% in 2022.

The report also puts the Philippines and Malaysia on top of the list of countries that experienced the most disruptive attacks in Southeast Asia this year.

Reacting to the Sept. 22 cyberattack on Philippine Health Insurance Corp. (PhilHealth), Mr. Gustilo said “PhilHealth executives should also be held accountable for this incident as the ultimate responsibility to ensure the safety of the information they are holding falls into their hands.”

Since the Medusa ransomware attack hit state-run insurance firm, the hackers have started publishing personal data including employee records, pictures, payroll and hospital bills.

The hackers then demanded $300,000 (P17 million) from the government in exchange for decryption keys and deleting the data they obtained.

“Now that the hacked information has been posted, Philhealth should immediately indemnify affected members and employees and take corrective actions as soon as possible,” Mr. Gustilo said.

“The public, including government employees and officials, needs to be educated about this issue in particular and cyber security and digital literacy as a whole so that we will be better equipped,” he added.

Separately, public policy think tank Infrawatch PH has expressed concern over the government’s lack of action and transparency that could lead to future digital attacks.

“We need to act now to prevent future breaches. A comprehensive digital security audit is not just advisable; it’s imperative for the safety and security of all Filipinos,” Terry L. Ridon, a public investment analyst and convenor of InfraWatch PH, said in a statement.

Mr. Ridon said that PhilHealth should outline the full extent of the data leaked, including its plan to address the issue.

“This critical issue demands immediate and transparent action from all parties involved. No urgent public notices can replace comprehensive action. The notice from PhilHealth is insufficient. It leaves the public in the dark about the full extent of the breach and fails to outline a clear action plan for resolving the issue,” he said. — Ashley Erika O. Jose