In the wake of the recent data breach incident involving the Philippine Health Insurance Corporation (PhilHealth), the National Privacy Commission (NPC) has taken swift action to empower data subjects by launching the “Na-leak ba ang PhilHealth Data ko?” portal. This web-based tool aims to assist individuals in assessing whether their personal data may have been compromised in the breach that occurred on 05 October 2023, purportedly by the Medusa Ransomware Group.
The “Na-leak ba ang PhilHealth Data ko?” portal can be accessed via https://philhealthleak.privacy.gov.ph, and it is designed to provide data subjects with a simple way to check the security of their personal information. The tool requires users to input their 12-digit PhilHealth Identification Number (PIN) and will return information about whether their PIN is among the data released by the Medusa ransomware group. Importantly, this portal does not collect or store any data input by users, ensuring data privacy and security.
The NPC has issued a Privacy Notice and Disclaimer to emphasize several important points:
Limited Scope: The search tool only covers a dataset released by the Medusa ransomware group on 05 October 2023. It does not encompass the entire leaked PhilHealth database or data from other personal data breaches. Therefore, a negative result from this search does not guarantee the security of personal data in other contexts or databases.
Inconclusive Results: The nature of data breaches and ransomware incidents is complex and ever-evolving. An absence of personal data in the search results does not definitively confirm that information has not been compromised.
Continuous Updates: The portal will be regularly updated as additional information becomes available, ensuring that users have access to the most current and comprehensive information.
Data Privacy: The NPC is committed to protecting data privacy in accordance with the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations.
By using this search tool, users acknowledge and accept the limitations outlined in the Privacy Notice and Disclaimer. The NPC strongly encourages individuals to exercise caution and stay informed about the latest cybersecurity developments to protect their personal data effectively.
The NPC has already identified over 1 million PhilHealth Identification Numbers (PINs) from a vulnerable group, specifically Senior Citizens, as part of the leaked database. According to the website, this is just the beginning of the NPC’s efforts to identify affected individuals, and more PINs may be added as further data is analyzed. Users are encouraged to regularly check for updates and stay informed about the evolving situation.
