About 13 to 20 million members’ data were compromised by the Medusa ransomware attack, according to the Philippine Health Insurance Corp. (PhilHealth).

“For the members, if we’re talking of the local workstation, we’re expecting 13 to 20 million names but hindi pa namin masabi yung exact number,” PhilHealth data privacy officer Nerissa Santiago told reporters at a press conference on Wednesday, Oct. 18.

Data ng 13-20 million indibidwal posibleng naapektuhan ng data breach, ayon sa PhilHealth @dzrhnews pic.twitter.com/WhPn2cdhFS

— Edniel Parrosa (@ednielparrosa) October 18, 2023

According to the state health insurer, the majority of data compromised were from “indirect contributors” such as senior citizens and indigent members.

Meanwhile, Santiago said that around 600 to 800 employees’ data were affected by the data breach.

DICT, NPC joint project

The National Privacy Commission (NPC) revealed on Wednesday its joint project with the Department of Information and Communications Technology (DICT) titled Digital Security and Privacy Quick Response (DSPQR) project.

“[The DSPQR project is] an innovative complaints-handling system designed to swiftly address privacy violations and concerns, securing the fundamental right to privacy for all citizens,” NPC said in its statement.

The national privacy agency said it would triage cases of cybersecurity threats, consumer-related concerns, and data privacy issues monitored and reported in its help desk systems.

"During this Cybersecurity Awareness Month, the DICT and NPC share a common goal: to protect the fundamental right to privacy while strengthening our resilience against the ever-evolving landscape of cyber threats,” DICT Secretary Ivan John Uy said.

“We also encourage our citizens to be vigilant and proactive in safeguarding their digital well-being. Report any privacy concerns or incidents promptly, as your active role is essential to our collective effort to ensure a safer and more secure online environment for every Filipino,” he added.