The National Privacy Commission (NPC) on Friday launched an online portal where members of the Philippine Health Insurance Corp. (PhilHealth) can check if their records were among those compromised in a recent data leak.
The portal—philhealthleak.privacy.gov.ph—contains data covering a segment of PhilHealth members age 60 years and above, with the records of 1 million senior citizens currently ready for checking.
“The primary aim of this tool is to empower Filipinos, especially senior citizens, to take proactive measures in safeguarding their data and securing themselves against potential risks like identity theft, financial fraud, phishing attacks, extortion, blackmail, medical identity theft, reputational damage and invasion of privacy,” the NPC said in a statement.
“This is particularly crucial due to their susceptibility to these exploitative acts,” it added.
Members who wish to verify if their records were exposed can input their PhilHealth identification number (PIN) in the online portal.
The portal is part of an NPC initiative called “Na-leak ba ang PhilHealth data ko? (Was my PhilHealth data leaked?),” using the data set reportedly leaked by hackers from the Medusa ransomware group.
Medusa earlier claimed responsibility for the hacking incident and demanded a $300,000 (about P17 million) ransom for the information it stole.
READ: Leaked Philhealth data ‘staggering,’ says NPC
Disclosing the results of its initial investigation of the cyberattack, the NPC last weekend said a “staggering” amount of files equivalent to more than 730 gigabytes had been stolen from the state insurer.
The data privacy watchdog has yet to complete its analysis of the extent of the breach, although PhilHealth admitted in an Oct. 2 statement that the “compromised” data may include individual names, addresses, dates of birth, sex, phone numbers and PINs.
The data leak has also prompted the NPC to issue guidelines concerning the potential use of fake PhilHealth ID cards, warning banks, hospitals and telecommunication companies that these may be used in transactions.