What You Can Do to Protect Your Identity After PhilHealth’s Massive Data Breach

Working Filipinos have become victims of a government agency’s negligence after the Philippine Health Insurance Corporation (PhilHealth) failed to protect their personal data from hackers. Here’s what happened and what you can do now to safeguard your data.

What happened: PhilHealth’s data breach

Filipino employees entered October with a piece of distressing news with PhilHealth admitting that their website and online application had been hacked last September 22, already over a week before their announcement.

Sorry folks. Your data is out there. pic.twitter.com/6uxJBSHyfB

— Dominic Ligot (@docligot) October 3, 2023

While PhilHealth claimed that its primary database was not infected, this doesn’t necessarily mean that its data remained safe. The servers that the hackers were able to access may also contain members’ private information like names, addresses, dates of birth, sex, phone numbers, PhilHealth identification numbers — as well as claims, contribution, and accreditation details — all of which may have been compromised.

According to the Department of Information and Communications Technology (DICT), the cybercriminals have asked for USD 300,000 (or about PHP 17 million) as ransom, promising they will hand over the decryption keys and delete the data they obtained. However, after the government refused to pay the ransom in accordance with its policy, the hackers proceeded to publish the data on the dark web.

The state insurer drew flak from officials and the public alike for their “late admission” and “possible negligence” of the incident, and cybersecurity groups have been pushing for the government to provide guidance to consumers and institutions due to the potential impact of the data breach.

BREAKING | Medusa makes good on threat to leak PhilHealth data https://t.co/oJPf1B0pl8 pic.twitter.com/rjnl4o9h12

— Melvin Calimag (@melvsgc) October 3, 2023

What you can do to safeguard your data

While the data may already be out there, you can still take some steps to mitigate the impact of this data breach.

1. Identify the compromised data.

Check the notice and see which data was compromised. This will help you understand if cases of identity theft can happen. In their notice, PhilHealth enumerated the following: name, address, date of birth, sex, phone number, and PhilHealth identification number, among others. To be sure, you can also check the list of personal information that PhilHealth required for registration so you’re familiar with the data that has been potentially compromised.

2. Change your passwords and PINs.

Do it as soon as you can. Ideally, your passwords are different for each account you have. You should also use passwords that are at least 10 characters long and do not have your personal information. For easier tracking and management, you can also use a password manager.

3. Set up two-factor authentication (2FA), when possible.

Better if you can use multi-factor authentication (MFA). The additional requirement of a one-time code to log in to your accounts will serve as an extra security measure. You can use authenticator apps like Google Authenticator for this.

4. Keep an eye on your accounts and monitor your credit reports.

Since the sensitive data compromised are information that can be used with most financial institutions, make sure to keep an eye out for any suspicious activity in your credit and debit accounts. Freeze your credit if you can, and disable permissions in your online account if possible.

5. Be cautious of any communication or possible phishing scams.

That includes any calls, texts, or emails you might receive. PhilHealth said they will be contacting those who were affected, but make sure the communication you’re receiving is legitimate before clicking on any links or the like.

6. Delete old accounts and limit your presence online.

If you’re not using any old accounts, make sure to close them down properly. There are official guidelines on how to delete your accounts on different websites and social media platforms, so if you don’t need those accounts anymore, you should let them go.

Follow us on Facebook, Twitter, Instagram, Tiktok, and Youtube for the l8est entertaining, useful, and informative lists!

Up next:

• Here’s How You Can Find Out If You Were One of 880,000 Pinoys Affected by the FB Data Leak
• Here’s How You Can Protect Your Phone and Your Privacy from Those Annoying Spam Texts