Photo credit: NPC

The National Privacy Commission (NPC) is investigating the potential violations of the Data Privacy Act of 2012 by the Philippine Health Insurance Corporation (PhilHealth) and its officials.

This comes in the wake of a data breach that exposed confidential information from PhilHealth's systems.

On October 6, 2023, the NPC's Complaints and Investigation Division completed its initial analysis of 650GB worth of compressed files, part of the data dump claimed by the Medusa group.

It also discovered a staggering 734 GigaByte worth of data, including personal and sensitive personal information.

In response, the NPC has initiated a sua sponte investigation to ascertain the full extent of the breach, identify those responsible, and recommend legal prosecution to the fullest extent allowed by law.

During a recent media interview, PhilHealth implicitly admitted to a degree of negligence on their part, with one of their officials suggesting that the expiration of antivirus software may have contributed to the vulnerability that allowed the breach to occur.