Ray Reyes

Lawmaker wants PhilHealth to be liable for data leak

October 5, 2023 Ryan Ponce Pacpaco 333 views

A CONGRESSMAN on Thursday said he wants the Philippine Health Insurance Corp. (Philhealth) to be held liable for failing to protect the personal information of its members.

AnaKalusugan Rep. Ray Reyes also scored Philhealth officials for blaming government procurement rules on its failure to update its anti-virus systems.

“Dapat may managot sa nangyaring hacking at data leak sa Philhealth. They should quit their posts if they can’t competently follow guidelines that were meant to ensure integrity in government transactions,” Reyes said.

“Blaming the procurement rules just shows a failure of leadership in Philhealth and the lack of importance they place in protecting members’ data.

Anti-virus software is subscription-based and can be easily procured with basic planning and management,” he added.

In an earlier interview, Philhealth executive vice president and chief operating officer Eli Santos said Philhealth failed to update its anti-virus system due to “procurement issues” and “a strict compliance of rules and regulations.”

The lawmaker also hit Philhealth for its conflicting statements and lack of transparency during the breach.

“Nakakalungkot kasi pinapaikot lang tayo ng Philhealth sa pabago-bago nilang statements.

Sa simula sinabi nila na walang data leak hanggang sa umabot na tayo sa ganito. Hanggang ngayon malabo at walang kasiguruhan ang mga statements na inilalabas nila,” he said.

The lawmaker thanked the Department of Information and Communication Technology (DICT) for helping restore Philhealth’s system but reiterated that the main concern is members’ data being compromised.

“Hindi na po natin mababawi o mabubura ang mga bagay na nakapost sa internet at dahil sa malaking kapabayaan na ito ng Philhealth, di malayong magamit ng mga masasamang loob ang personal information ng mga Philhealth members sa mga ilegal na gawain,” he added.

According to PhilHealth, it has yet to determine the number of subjects or records affected by the breach, but names, addresses, dates of birth, sex, phone numbers and PhilHealth identification numbers may have been compromised.