MANILA, Philippines — The National Privacy Commission (NPC) on Friday launched the "PhilHealthLeak Search Tool" portal, which allows members of Philippine Health Insurance Corp. to determine whether their data was compromised in the cyberattack that targeted the country's national health insurer.
In September, a massive cyberattack targeted PhilHealth, leading to the theft of personal data from potentially millions of individuals. As a result, the insurer urged its members to change their passwords due to the severity of the attack.
The website, according to the NPC, was created by the privacy commission in alignment with its data protection responsibilities outlined in the Data Privacy Act of 2012 (DPA).
"The primary purpose of this search tool is to empower data subjects to take proactive steps to further protect themselves from the risks associated with a personal data breach such as identity theft, financial fraud, phishing attacks, blackmail and extortion, medical identity theft, reputational damage and loss of privacy," the NPC said.
"This webpage only requires the input of the 12 digit identification number. More specifically, it allows users to check whether their personal data may have been compromised in the incident involving Philippine Health Insurance Corporation files made available online on 5 October 2023 purportedly by the Medusa Ransomware Group," it added.
Although the tool is useful for addressing data breaches, the NPC warned about its its limitations. The privacy commission highlighted the following key points:
- Limited scope: The search tool only covers data released by the Medusa ransomware group on Oct. 5, 2023. It does not include all the leaked PhilHealth data or data from other breaches. So, a negative result does not guarantee safety in other places.
- Inconclusive results: Despite best efforts to provide accurate information, data breaches are complex and ever-changing. If the member's data is not found in this search, it does not mean that ithe information has not been compromised. Data breaches can be tricky, and their full extent may not be immediately clear.
- Continuous updates: The search tool will get regular updates as new information emerges.. As the NPC investigates further, the tool will show the latest findings.
- Data privacy: The NPC assured the public that it is committed to safeguarding the members' data privacy in compliance with the Data Privacy Act, its Implementing Rules and Regulations, and relevant NPC directives.
The NPC-developed online tool can be accessed here.