The Philippine Health Insurance Corporation (Philhealth) has confirmed that the personal information of 13-20 million members was compromised in a data breach orchestrated by the Medusa hackers, marking the largest breach in Philippine history.
In response, the Philhealth board has initiated an independent investigation into Philhealth’s management and officers, leading to their reassignment.
Emmanuel Ledesma Jr., president and CEO of Philhealth, expressed his dismay over the board’s loss of confidence in the executive committee, characterizing them as lacking competence, displaying gross negligence, and being ineffective.
The data breach had its origins in a terminal responsible for transmitting information to the Department of Budget and Management, housing data about senior citizens and indigent members. Given that funding for indigents’ premiums and senior citizens’ expenses is drawn from the national budget or the General Appropriations Act, collaboration with the DBM was crucial.
Nerissa Santiago, Philhealth’s Data Privacy Officer, revealed that the hackers accessed members’ names, dates of birth, addresses, and PINs. Additionally, personal information belonging to approximately 600 to 800 Philhealth employees was also compromised, including images of their passports and IDs, now accessible on the internet.
Ledesma emphasized his commitment to implementing the board’s directive, while ensuring compliance with relevant laws, rules, and regulations governing reassignments in the public sector.