The Communiqué
October 25, 2023
In an era where almost everything is available in the digital space, personal information is already a weapon that can be used against someone. As easy as it is to store information online, the data is also vulnerable to exposure, especially in a system filled with lapses.
In September, Philippine Health Insurance Corporation (PhilHealth) data was exposed by hackers on the dark web. The information published includes the employee's details such as their identification cards, payroll, and even memos. The incident happened after PhilHealth refused to pay the ransom money worth $300,000. Earlier this month, the department estimated that the claimed cyberattack on its database had affected 13 million to 20 million members' data, which also included duplicated names.
The group of attackers was identified as “Medusa,” and according to the Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy, the leak on the dark web appears to be a "teaser" from the attackers who might still be waiting for the government to pay the ransom money.
On the other hand, as mentioned by DICT and PhilHealth, the members’ database remains intact as it was not part of the servers during the cyberattack. However, this alone is not enough to provide a guarantee of security in exchange for the public trust given to PhilHealth.
Moreover, earlier this month, the department estimated that the claimed cyberattack on its database had affected 13 million to 20 million members' data, which also included duplicated names.
As if faults in the healthcare system of the country amidst the pandemic weren’t enough, this loose cybersecurity, and lack of accountability showed another negligence in providing the quality service that every Filipino deserves to receive.
Instead of providing advancements in cybersecurity— corruption in the supposed IT projects are the ones making headlines.
Back in July 2020, while at the height of the pandemic, a proposed 2.1-billion-peso information technology (IT) project of PhilHealth was reported to be overpriced by P98 million. Given that the project’s purpose was to combat fraud and scams by some corrupt personnel, it was a brazen measure coming from the spearhead who fell short in analyzing irregularities existing within their proposed project itself.
What if this project was successfully implemented and was followed up with prioritization in their cybersecurity? Chances are Philhealth’s data would not be stolen which will prevent the threat of data leakage.
What-ifs and maybes should have been considered and normalized within the system, but unfortunately, they failed to materialize because of the unending greed of those in power.
In a statement by PhilHealth Workers for Hope, Integrity, Transparency and Empowerment last September, the country’s universal healthcare system is “being held hostage” due to the incompetence of the people managing it. A damning statement for PhilHealth but a description of reality reflected by the current state of their system.
The information held by the attackers is not just mere zeros, and ones of data, these are real details of real people. The same individuals who trusted PhilHealth with their information in the hopes of getting the promised healthcare benefits.
A rotten system filled with incompetent individuals— these are common issues that seem so hard to get rid of in the Philippine landscape. How long must the people endure getting the short end of the stick because of the irresponsibility of those seated in power? How much longer can the people bear the weight of corruption and the greed of the powerful?
As the attack on PhilHealth has a direct impact on the digital footprints of many Filipinos, accountability with their investigations must be upheld. Secure their information and take responsibility for the breached trust given to them.
Until we demand justice, it won’t end.
Comentarios