The National Privacy Commission (NPC) has summoned the Philippine Health Insurance Corporation (Philhealth) to a hearing scheduled for September 26, in the wake of a cyberattack that hit Philhealth’s systems.
In a statement released Monday, NPC disclosed that it had granted Philhealth a two-day deadline to furnish a comprehensive report regarding the security breach.
Philhealth itself admitted to detecting the breach on the morning of September 22, but it only officially notified the NPC about the breach in the late afternoon
“We have issued a notice to explain to Philhealth, seeking detailed information concerning the nature and scope of the data breach,” the NPC said.
The NPC has announced its intention to conduct an on-site investigation on September 28, with the purpose of assessing the impact of the alleged data breach and evaluating the mitigation measures implemented by Philhealth to safeguard the interests of the affected beneficiaries and contributors.
“The [NPC] is fully committed to safeguarding personal data and ensuring the privacy of all individuals. Rest assured, we will keep the public informed of developments in this matter as they become available,” the agency said.