
Police have launched a manhunt and formed a special task force to investigate the fatal shooting of a prominent…

The so-called “Oplan Romanov,” or the alleged covert operation purportedly aimed at eliminating Vice President Sara…

TACLOBAN CITY — Just a week after classes resumed following a fatal mass shooting on campus, officials at San Jose…

The Philippine Charity Sweepstakes Office (PCSO) has signed up another corporation to expand public access to the…

Water reserves at Pantabangan Dam are rising steadily following heavy rains brought by the southwest monsoon and…

Read next

What's your take?
Google Preferred Sources
Get more Daily Tribune stories in your search results
Add Daily Tribune as a preferred source on Google Search.
Continue reading
State insurer Philippine Health Insurance Corp., or PhilHealth, may have liabilities in the ransomware attack that endangered the data of its members, according to the data protection agency National Privacy Commission, or NPC.
NPC said it has begun its "proactive" investigation into the possible violations of PhilHealth and its officials after the "staggering" data breach leaked confidential information about the state insurer's members and employees.
It said it is looking into PhilHealth's accountability under the Data Privacy Act of 2012 after its Complaints and Investigation Division found "sensitive personal information" among the compromised data.
"This decisive action follows the unsettling revelation of a data breach where confidential information was illicitly obtained from PhilHealth's systems," it said.
"The NPC will leave no stone unturned in its investigation into the potential negligence of PhilHealth officials and explore whether any efforts have been made to conceal pertinent information," it added.
Don't use 'exfiltrated data'
In pushing for a so-called "sua sponte" investigation, the NPC intends to identify the officials responsible so it can "recommend legal prosecution to the fullest extent permissible by law."
The Latin term "sua sponte" means "of one's own accord" and indicates that a court has taken notice of an issue on its motion.
"During a recent media interview, PhilHealth officials implicitly acknowledged a degree of negligence on their part, with one of their officials citing the expiration of an antivirus software as the potential vulnerability that may have facilitated the breach," NPC noted.
Earlier, PhilHealth said it immediately reported the 22 September breach to the NPC, the Department of Information and Communications Technology, and law enforcement agencies.
It added that its membership database, claims, contributions, and accreditation information were stored separately and were"intact and completely unaffected by the cyberattack."