Lawmakers urge gov’t to boost ICT protection vs ‘malicious actors’ | Inquirer

Lawmakers urge gov’t to boost ICT protection vs ‘malicious actors’

/ 05:50 AM October 09, 2023

PhilHealth office in Quezon City.

PhilHealth office in Quezon City. (FILE PHOTO)

MANILA, Philippines —State agencies and private entities should start fortifying their computer systems against cyberattacks, a senator said on Sunday, after hackers recently leaked 730 gigabytes of data from the files of the Philippine Health Insurance Corp. (PhilHealth), which refused to pay a ransom of $300,000 (about P17 million) for the stolen information.

Another lawmaker called the incident a “wake-up call” for all public agencies as she urged the government to be extra vigilant in protecting the data of its citizens.

Article continues after this advertisement

“It is high time that we take the necessary steps to protect our critical information infrastructure by ensuring, at the minimum, compliance with international standards and globally accepted best practices for cybersecurity,” Sen. Sherwin Gatchalian said in a statement.

FEATURED STORIES

According to Gatchalian, the country’s information and communications technology (ICT) systems and infrastructures should be able to withstand hacking and quickly recover should such incidents happen.

“With the increased use of digital technologies in our daily lives,” he pointed out, “malicious actors, from casual scammers to highly sophisticated state-based groups, hunt for vulnerabilities in ICT systems and networks to steal information, disrupt essential services, and profit from attacks.”

Article continues after this advertisement

Gatchalian said that adopting and implementing minimum information security standards was “a globally accepted best practice” to effectively protect “the confidentiality, integrity, and availability of information that is vital to the nation.”

Article continues after this advertisement

‘Central authority’

Based on the findings of the , the data leaked by Medusa, a clandestine group that had admitted hacking into PhilHealth computers, included the personal information of possibly hundreds of thousands of the state insurer’s beneficiaries.

Article continues after this advertisement

Gatchalian had filed Senate Bill No. 2066, or the proposed Critical Information Infrastructure Protection Act, to require all critical information institutions (CII) to strengthen their cybersecurity systems.

Under the measure, he said the Department of Information and Communications Technology (DICT) would be mandated to “determine and update information security standards and require CII institutions to comply with such standards.”

Article continues after this advertisement

“It mandates the National Computer Emergency Response Team to act as the central authority for computer emergency response teams in the country and to administer the centralized information security incident reporting mechanism that would cover industries that include banking and finance, broadcast media, emergency services and disaster response, energy, health, telecommunications and transportation, among others,” Gatchalian added.

Other potential targets

House Deputy Minority Leader and ACT Teachers Rep. France Castro, on the other hand, warned of possible hacking attacks on other targets should the government fail to take extra steps to put in place adequate safeguards.

Castro said that the hacking of PhilHealth computers should alert all public agencies as she also called on the government to be more careful about handling the data of its citizens.

Along with her colleagues from the three-member Makabayan bloc, she filed a resolution last week calling for an inquiry into the cyberattack.

“Now imagine if these hackers target the database of the SIM registration, as well as that of the National ID system, the majority of Filipinos’ private data would be compromised,” Castro said.

She called on the DICT to come up with guidelines or minimum requirements for the “cyberdefense” of all government agencies and data repositories.

“It is almost laughable, if it is not so dangerous, that PhilHealth even sent out the alert that it was hacked through free email which is both unofficial and more prone to hacking,” Castro said.

The best DICT can do, according to her, is to build “unhackable systems” or at least put up the “best cyberdefense available” to prevent any more attacks in the future.

But if the government could not do this, it should “stop collecting sensitive data from Filipinos that can be exploited by unscrupulous groups and individuals,” Castro said.

Take ‘precautionary measures’

PhilHealth asked its members to take “precautionary measures” against all sorts of online scams as a result of the ransomware attack on the state insurer’s systems last Sept. 22.

PhilHealth said it “strongly recommended” changing passwords of online accounts, enabling multi-factor authentication, monitoring suspicious activities in online accounts, not opening and clicking suspicious emails and links, and not answering suspicious calls and text messages.

In a statement on Sunday night, PhilHealth also said it is “ready to face any inquiry… to get to the bottom of the incident” and vowed to fully cooperate with investigating agencies such as the National Privacy Commission, the National Bureau of Investigation and the Philippine National Police.

“Being responsible for the information [security] of our members, we are ready to cooperate in investigations to further improve our cybersecurity system,” PhilHealth chief Emmanuel Ledesma Jr. said in Filipino.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the and acknowledge that I have read the .

“We assure the public that something great will come out of this incident to improve our service to our members,” he added.

—WITH A REPORT FROM DONA Z. PAZZIBUGAN
entertainment
globalnation
sports
entertainment
business
www
business
www
entertainment
sports
TAGS: cybersecurity, France Castro, National Privacy Commission, PhilHealth hacking, Philippine Health Insurance Corp., Sherwin Gatchalian

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the and acknowledge that I have read the .

© Copyright 1997-2024 | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies.