The National Privacy Commission (NPC) ordered the Philippine Health Insurance Corporation (PhilHealth) to attend a hearing on Tuesday, Sept. 26, to explain the nature and extent of the data breach following the cyberattack on the state health insurer’s website.

In a press statement issued Monday, Sept. 25, NPC’s complaints and investigation division took swift measures to address the incident. It also initiated an onsite investigation on Thursday.

“These actions have been initiated to evaluate the impact of the alleged data breach and to assess the mitigation efforts undertaken by PhilHealth, with a primary focus on protecting the interests of the affected beneficiaries and contributors,” the statement read.

NPC was expecting PhilHealth to provide a complete report regarding the Medusa ransomware within the next two days following the statement’s release.

PhilHealth Spokesperson Dr. Ish Pargas said in an earlier statement to DZRH that no personal or medical information was compromised from the hacking incident.

Meanwhile, the Department of Information and Communication Technology (DICT) Undersecretary Jeffrey Ian Dy told the Philippine Star on Sunday, Sept. 24, that the data obtained by hackers from PhilHealth’s website had been exposed on the dark web.