Empowering PhilHealth Data Subjects: Check Your PhilHealth Data Security with NPC’s “Na-leak ba ang PhilHealth Data ko? Portal

In a groundbreaking move to protect data privacy and foster trust among the people of the Philippines, the National Privacy Commission (NPC) has launched the "Na-leak ba ang PhilHealth Data ko?", a simplified database search portal designed to help individuals verify the status of their personal information in light of the recent incident involving the Philippine Health Insurance Corporation (PhilHealth) database, purportedly exfiltrated by the Medusa Ransomware Group, and posted online on October 5, 2023. As of October 13, 2023, the initial batch of data available on the portal pertains to individuals aged 60 years and above, containing an estimated 1 million records out of 8.5 million senior citizens.

The primary aim of this tool is to empower Filipinos, especially senior citizens, to take proactive measures in safeguarding their data and securing themselves against potential risks like identity theft, financial fraud, phishing attacks, extortion, blackmail, medical identity theft, reputational damage, and invasion of privacy. This is particularly crucial due to their susceptibility to these exploitative acts.

This initiative, aptly named "Na-leak ba ang PhilHealth Data ko?”, is an independent project launched by the NPC, using a dataset reportedly released by the Medusa Ransomware Group. These files, comprising approximately 734 GB of extracted data, are now under scrutiny to update the portal and provide data subjects of all age groups with the information they need for their peace of mind.

It is crucial to note that "Na-leak ba ang PhilHealth Data ko?" portal exclusively focuses on this specific incident and does not encompass data breaches from other sources or incidents. A negative result from this search should not be misconstrued as an assurance of data security in other areas.

To utilize the portal, users are required to enter their PhilHealth Identification Number (PIN), and the portal will verify whether their personal information was part of the leaked data.

Privacy Commissioner Atty. John Henry D. Naga shares his commitment to your data privacy and security, stating, "The NPC's development of the "Na-leak ba ang PhilHealth Data ko? portal in an exceptionally short period demonstrates our unwavering dedication to protecting your personal information. We understand the paramount importance of your data's safety, and this tool stands as a testament to our commitment to your security and peace of mind."

"Through this groundbreaking initiative, we are here to empower you with the control and protection you deserve over your data and privacy. Your privacy matters, and your National Privacy Commission is here to protect it," he added.

NPC’s "Na-leak ba ang PhilHealth Data ko?" portal also serves a critical purpose by allowing data subjects to determine the status of their personal data while avoiding the potential risk of criminal liability. Downloading, processing, or utilizing the exfiltrated data from PhilHealth may constitute “unauthorized processing”, a violation of the Data Privacy Act of 2012, specifically Section 25 thereof, which carries significant legal consequences. This portal has been designed to empower individuals to remain compliant with the DPA, thereby safeguarding their personal information without inadvertently violating of the law.

The NPC assures users that the "Na-leak ba ang PhilHealth Data ko? database will be regularly updated to provide the most up-to-date information, gradually including data from all age groups affected by the PhilHealthLeak incident, offering a reliable resource for assessing the security of your personal data.

To access the "Na-leak ba ang PhilHealth Data ko? database search tool, visit: https://philhealthleak.privacy.gov.ph

For inquiries or more information, please contact [email protected]