By Filane Mikee Cervantes, October 6, 2023; Philippine News Agency
MANILA – A House leader on Friday stressed the need for capital investments in cybersecurity following a cyberattack that affected the Philippine Health Insurance Corporation’s (PhilHealth) servers and workstations.
House Committee on Civil Service and Professional Regulation chairperson and Bohol Rep. Kristine Alexie Tutor said the cyberattack on PhilHealth is a “clear and present danger” to the health security of all its members nationwide.
“We can no longer be complacent and have a false sense of security that cyberattacks and ransomware incidents happen only in Europe and the United States because now we definitely know the Philippines is a target,” Tutor said.
Tutor said cybersecurity that is strong enough to defend against, investigate, prosecute, and counterattack cybercriminals, especially of the ransomware and infiltration kind, requires “huge capital investments”.
“The Philippine government cannot do this alone. This needs public-private partnerships and foreign technical assistance from lenders like the Asian Development Bank, Japan International Cooperation Agency, and the World Bank,” she said.
“Kailangan ng hakbang na iyan sapagkat sobrang kaunti lamang ng (That step is necessary because we only have a few) Filipino IT experts on cybersecurity — it is just a tiny community — at lubhang mahal ang customized cybersecurity software, hardware, at architecture designs (are quite expensive),” she added.
Aside from capital investments in cybersecurity, Tutor said swift measures are also crucial to make sure vulnerable websites have active defenses and a protective buffer between the websites and the agency databases.
“There must also be redundancies to ensure public services are not interrupted or can be back online swiftly,” she said.
Last month, PhilHealth’s database was hacked through the Medusa ransomware which infected 72 workstations and the agency’s e-claims system, member portal system, and collection system.
The agency resorted to a temporary shutdown of its website and implemented manual processing of its services to contain the issue.