
Police have launched a manhunt and formed a special task force to investigate the fatal shooting of a prominent…

The so-called “Oplan Romanov,” or the alleged covert operation purportedly aimed at eliminating Vice President Sara…

TACLOBAN CITY — Just a week after classes resumed following a fatal mass shooting on campus, officials at San Jose…

The Philippine Charity Sweepstakes Office (PCSO) has signed up another corporation to expand public access to the…

Water reserves at Pantabangan Dam are rising steadily following heavy rains brought by the southwest monsoon and…
Read next

What's your take?
Google Preferred Sources
Get more Daily Tribune stories in your search results
Add Daily Tribune as a preferred source on Google Search.
Continue reading
The National Privacy Commission said Saturday it has begun its "proactive" investigation into the possible violations of the Philippine Health Insurance Corporation and its officials after the "staggering" data breach leaked the confidential information of state insurer's members and employees.
NPC said it is looking into PhilHealth's accountability under the Data Privacy Act of 2012 as the Complaints and Investigation Division found "sensitive personal information" among the data that was affected by the breach.
"This decisive action follows the unsettling revelation of a data breach where confidential information was illicitly obtained from PhilHealth's systems," it said.
"The NPC will leave no stone unturned in its investigation into the potential negligence of PhilHealth officials and explore whether any efforts have been made to conceal pertinent information," it further stated.
In pushing the "sua sponte" investigation, the NPC intends to identify the responsible officials so it can "recommend legal prosecution to the fullest extent permissible by law."
"During a recent media interview, PhilHealth implicitly acknowledged a degree of negligence on their part, with one of their officials citing the expiration of antivirus software as a potential vulnerability that may have facilitated the breach," NPC noted.
Earlier, PhilHealth said that it had immediately reported the 22 September breach to the NPC, Department of Information and Communications Technology, and law enforcement agencies.
It added that its membership database, claims, contribution, and accreditation information are stored in a separate database and are "intact and completely unaffected by the cyberattack."
NPC warned the public that "any individual or organization found to process, download, or share the exfiltrated data from PhilHealth will be held accountable for unauthorized processing of personal information and may face criminal charges."