MANILA (Philippine Daily Inquirer/Asia News Network): An estimated 13 to 20 million individual data had been leaked due to the ransomware attack on the Philippine Health Insurance Corporation (PhilHealth), the state insurance provider said on Wednesday (Oct 18).
According to PhilHealth Data Privacy Officer Nerissa Santiago, the number is a rough estimate as the agency still verifies data recently obtained from the Department of Information and Communications Technology (DICT).
“As of this moment, we don’t have the exact number as we are still analysing the data that we just obtained from DICT,” said Santiago in a press conference.
“[But] for the members, talking about the workstations, we’re expecting about 13 to 20 million names po,” she added.
PhilHealth employees’ workstations and application servers were breached in a ransomware attack on Sept 22.
User data such as names, addresses, dates of birth, sex, phone numbers, and PhilHealth identification numbers were compromised due to the attack.
Santiago said PhilHealth has yet to begin notifying members affected due to the massive size of data it is currently analysing.
“This consists of about 700 [gigabytes] of data, and it’s taking us a bit of time to analyse because of the volume of data,” said Santiago.
“As for the 13 million members, we are still in the process of analysing it,” she added.
However, Santiago said that PhilHealth is already looking into different ways the agency could notify individual members affected by the data breach, such as the creation of an online portal where members could check if they were affected, a notification through text, email, or by snail mail or in-person notification.