NPC Says PhilHealth Hacking Victims Can File Complaint; Warns Against Resharing Of Leaked Data

/in


The National Privacy Commission said people can claim damages if proven affected by the Medusa ransomware attack on the Philippine Health Insurance Corp.

Individuals who had their personal data stolen in the Medusa
ransomware attack on the Philippine Health Insurance Corp. (PhilHealth)
can file a complaint before the National Privacy Commission.

NPC
Public Information and Assistance Division chief Roren Marie Chin said
on Tuesday, Oct. 10, people who think their personal data had been
compromised in the successful ransomware attack on PhilHealth can file
their individual complaint before the commission.

“Individuals affected may file a complaint to NPC and if proven, they can claim damages,” Chin said.

She added their investigation of the complaint would determine the damage claims that can be awarded.

Warning

The NPC has also issued a warning against the resharing of leaked data from the PhilHealth ransomware attack.

“It
has come to our attention that the personal data exfiltrated from
PhilHealth is being shared illicitly. We want to emphasize the gravity
of this situation and the severe consequences that await anyone involved
in processing, downloading or sharing this data without legitimate
purpose or without authorization,” the NPC said in a statement on
Tuesday.

“In unequivocal terms, the NPC issues a stern warning to
the public: Any individual or organization found to process, download or
share the exfiltrated data from PhilHealth will be held accountable for
unauthorized processing of personal information and may face criminal
charges,” it stated.

The Privacy Commission emphasized that under
Section 25 of the Data Privacy Act of 2012 (DPA), those found guilty of
unauthorized processing of personal information will face penal-ties
that include imprisonment for one to three years and a fine ranging from
P500,000 to P2 million.

In addition, unauthorized processing of
sensitive personal information carries even more substantial penalties,
particularly imprisonment for three to six years and a fine ranging from
P500,000 to P4 million.

“Sharing such leaked data exposes
affected individuals to a range of risks, including identity…

Source…