PhilHealth estimates 13 to 20 million members affected by data breach
MANILA, Philippines — An estimated 13 to 20 million individual data had been leaked due to the ransomware attack on the Philippine Health Insurance Corporation (PhilHealth), the state insurance provider said Wednesday.
According to PhilHealth Data Privacy Officer Nerissa Santiago, the number is a rough estimate as the agency still verifies data recently obtained from the Department of Information and Communications Technology (DICT).
“Sa ngayon po wala pa talaga kaming exact number as we are still analyzing the data that we just obtained [from DICT],” said Santiago in a press conference.
(As of this moment, we don’t have the exact number as we are still analyzing the data that we just obtained from DICT.)
“[But] for the members, talking about the workstations, we’re expecting about 13 to 20 million names po,” she added.
To recall, PhilHealth employees’ workstations and application servers were breached in a ransomware attack last Sept. 22.
User data such as names, addresses, dates of birth, sex, phone numbers, and PhilHealth identification numbers were compromised due to the attack.
Santiago said PhilHealth has yet to begin notifying members affected due to the massive size of data it is currently analyzing.
“This consists of about 700 [gigabytes] of data, and it’s taking us a bit of time to analyze because of the volume of data,” said Santiago.
“As for the 13 million members, we are still in the process of analyzing it,” she added.
However, Santiago said that PhilHealth is already looking into different ways the agency could notify individual members affected by the data breach, such as the creation of an online portal where members could check if they were affected, a notification through text, email, or by snail mail or in-person notification.
RELATED STORIES
Leaked members’ data unretrievable – PhilHealth
PhilHealth warns vs posts portraying ‘ransomware’ attackers heroes
PhilHealth seeks public’s cooperation after ransomware attack
