AnaKalusugan Party-list Rep. Ray T. Reyes wants the Philippine Health Insurance Corp. (Philhealth) to be liable for failing to protect the personal information of its members.
He likewise scored Philhealth officials for blaming government procurement rules for its failure to update its antivirus systems.
According to PhilHealth, it has yet to determine the number of subjects or records affected by the breach, but names, addresses, dates of birth, sex, phone numbers and PhilHealth identification numbers may have been compromised.
“Dapat may managot sa nangyaring hacking at data leak sa Philhealth. They should quit their posts if they can’t competently follow guidelines that were meant to ensure integrity in government transactions,” Reyes said.
“Blaming the procurement rules just shows a failure of leadership in Philhealth and the lack of importance they place in protecting members’ data. Antivirus software are subscription based and can be easily procured with basic planning and management,” he added.
In an earlier interview, Philhealth executive vice president and chief operating officer Eli Santos said Philhealth failed to update its antivirus system due to “procurement issues” and “a strict compliance of rules and regulations.”
Meanwhile, the lawmaker also slammed Philhealth for its conflicting statements and lack of transparency during the breach.
“Nakakalungkot kasi pinapaikot lang tayo ng Philhealth sa pabagobago nilang statements. Sa simula sinabi nila na walang data leak hanggang sa umabot na tayo sa ganito. Hanggang ngayon malabo at walang kasiguruhan ang mga statements na inilalabas nila,” he said.
The lawmaker thanked DICT for helping restore Philhealth’s system but reiterated that the main concern is members’ data being compromised.
“Naayos na nga ang system at database ng Philhealth pero paano naman ang mga personal information na nakapost na sa dark web?” Reyes said.
“Hindi na po natin mababawi o mabubura ang mga bagay na nakapost sa internet at dahil sa malaking kapabayaan na ito ng Philhealth, di malayong magamit ng mga masasamang loob ang personal information ng mga Philhealth members sa mga ilegal na gawain,” he added.
According to PhilHealth, it has yet to determine the number of subjects or records affected by the breach, but names, addresses, dates of birth, sex, phone numbers and PhilHealth identification numbers may have been compromised.