DICT still analyzing ‘millions’ of questionable files in PhilHealth data breach

The Department of Information and Communications Technology or DICT has yet to fully resolve the recent Philippine Health Insurance or PhilHealth data breach that affected millions of accounts.

"We are analyzing the files and we are almost 90 percent done. We have seen that a lot of those files have questionable extensions. Unfortunately, it is a significant amount — millions," DICT Undersecretary Jeffrey Ian Dy said in an interview with reporters on Monday.

The country has an existing team called the National Computer Emergency Response Team or NCERT under DICT that receives, reviews and responds to computer security incidents.

Dy, however, lamented that it is incapable of swiftly handling all ransom attacks.

The National Privacy Commission or NPC had already launched a more comprehensive investigation into the data breach that hit PhilHealth.

The initial report showed that the incident involved a "staggering" 734 gigabytes of data with "sensitive personal information" involved. Because of this, the NPC said it is open to looking into the potential accountability of PhilHealth officials for the breach.

Separately, DICT Secretary Ivan John Uy said that his office has yet to identify the identity of the hackers but he added that local hackers would not dare to do that.

"If these are operating from third countries that are safe havens for them, we can't pin that down, we can only identify them, that's part of our investigation. I think the locals will not dare because we can chase them, it is within our jurisdiction," Uy said.

In a separate development, the DICT and its Cybersecurity Bureau, in partnership with Digital Pilipinas, have formally sealed their commitment on Monday to build a roadmap for a more secure digital future for the Philippines.

The initiative was launched after the Philippines, being the second in the world when it comes to the number of recorded cyberattacks, reportedly lost up to P100 million in each instance, per data by the Philippine National Police.

For its part, Digital Pilipinas, the biggest private sector-led movement for fostering an innovation and technology ecosystem that actively participates in the global digital economy, said it will support the creation of a unified cybersecurity framework.