What You Can Do to Protect Your Identity After PhilHealth’s Massive Data Breach
Oct 6, 2023   •   Meryl Medel
8List.ph is published by ID8, Inc.
Oct 6, 2023   •   Meryl Medel
Working Filipinos have become victims of a government agency’s negligence after the Philippine Health Insurance Corporation (PhilHealth) failed to protect their personal data from hackers. Here’s what happened and what you can do now to safeguard your data.
Filipino employees entered October with a piece of distressing news with PhilHealth admitting that their website and online application had been hacked last September 22, already over a week before their announcement.
Sorry folks. Your data is out there. pic.twitter.com/6uxJBSHyfB
— Dominic Ligot (@docligot) October 3, 2023
While PhilHealth claimed that its primary database was not infected, this doesn’t necessarily mean that its data remained safe. The servers that the hackers were able to access may also contain members’ private information like names, addresses, dates of birth, sex, phone numbers, PhilHealth identification numbers — as well as claims, contribution, and accreditation details — all of which may have been compromised.
According to the Department of Information and Communications Technology (DICT), the cybercriminals have asked for USD 300,000 (or about PHP 17 million) as ransom, promising they will hand over the decryption keys and delete the data they obtained. However, after the government refused to pay the ransom in accordance with its policy, the hackers proceeded to publish the data on the dark web.
The state insurer drew flak from officials and the public alike for their “late admission” and “possible negligence” of the incident, and cybersecurity groups have been pushing for the government to provide guidance to consumers and institutions due to the potential impact of the data breach.
— Melvin Calimag (@melvsgc) October 3, 2023
While the data may already be out there, you can still take some steps to mitigate the impact of this data breach.
Check the notice and see which data was compromised. This will help you understand if cases of identity theft can happen. In their notice, PhilHealth enumerated the following: name, address, date of birth, sex, phone number, and PhilHealth identification number, among others. To be sure, you can also check the list of personal information that PhilHealth required for registration so you’re familiar with the data that has been potentially compromised.
Do it as soon as you can. Ideally, your passwords are different for each account you have. You should also use passwords that are at least 10 characters long and do not have your personal information. For easier tracking and management, you can also use a password manager.
Better if you can use multi-factor authentication (MFA). The additional requirement of a one-time code to log in to your accounts will serve as an extra security measure. You can use authenticator apps like Google Authenticator for this.
Since the sensitive data compromised are information that can be used with most financial institutions, make sure to keep an eye out for any suspicious activity in your credit and debit accounts. Freeze your credit if you can, and disable permissions in your online account if possible.
That includes any calls, texts, or emails you might receive. PhilHealth said they will be contacting those who were affected, but make sure the communication you’re receiving is legitimate before clicking on any links or the like.
If you’re not using any old accounts, make sure to close them down properly. There are official guidelines on how to delete your accounts on different websites and social media platforms, so if you don’t need those accounts anymore, you should let them go.
Input your search keywords and press Enter.