^

Opinion

Although victimized in PhilHealth hacking, members will pay penalty

GOTCHA - Jarius Bondoc - The Philippine Star

Government kicked us PhilHealth members thrice in the gut in 2024.

It will kick us a fourth time early this New Year.

In January 2024 it raised our monthly contributions: P500 from earners of less than P10,000, up to P5,000 from those more than P100,000 – purportedly for our benefit.

But midyear it grabbed P60 billion of our money – for flood works and other political pork barrels.

Then it withheld P74 billion in sin-tax shares earmarked for indigent members – allegedly because PhilHealth has P400 billion, P500 billion, P600 billion “reserve,” it can’t even say for sure.

Now the National Privacy Commission says that 42 million of us members were victimized in the hacking of PhilHealth’s database two years ago.

NPC is ordering PhilHealth to pay P4.6-billion fine to the government.

Plus, to notify each of us 42 million, as required by the Data Privacy Act (DPA). At P16-postage a piece, that’s P672 million, not counting cost of paper, envelopes, printers, ink, electricity and labor.

The DPA requires such notification within 72 hours. But it hadn’t been done as of a House inquiry on July 8, 2024.

For sure, Malacañang’s appointee board members and top officers will not shell out of their pockets the P4.6 billion, plus P672 million.

They’ll get the money from our contributions.

Already victimized by privacy leak, we’ll be punished for the appointees’ incompetence.

Queues for PhilHealth services growing longer each year

*      *      *

For four months they hid the NPC’s Sept. 4, 2024 ruling. But broadcaster Ted Failon exposed it on Radyo5 Dec. 27.

Medusa Ransomware had struck PhilHealth members’ database Sept. 22, 2023. Hackers demanded $300,000 to unbind and $300,000 to delete the stolen data, plus $10,000 for an extra day to pay up.

No one told NPC, which learned about it only from a Manila Bulletin report. At once, NPC’s Complaints and Investigation Division stepped in.

On Oct. 5, 2023 Medusa uploaded the hijacked data on its Telegram Channel: 181.4 million files, some duplicated, of members’ names, birthdate, birthplace, gender, address, ID number, coverage period, usernames, passwords, sickness and hospital records.

Included were persons with disability, senior citizens, rebel returnees and soldiers and policemen killed in action.

CID discovered that PhilHealth’s anti-virus system had expired on April 15, 2023. Renewal documents were submitted to the Bids and Awards Committee on May 10, 2023. The new P14.25-million contract was awarded on Oct. 9, 2023.

By then, the database had been hacked and uploaded on the dark web.

On May 8, 2024 CID found criminally liable:

• Health Sec. Ted Herbosa as board chairman; Budget Sec. Amenah Pangandaman, then-Finance Sec. Ben Diokno, Labor Sec. Benny Laguesma, Social Welfare Sec. Rex Gatchalian, Marlene Padua, Alejandro Cabading, Jack Arroyo, Jason Valdez, Rene Lopez and president-CEO Emmanuel Ledesma as board members;

• Management executive committee members Ledesma, EVP-COO Eli Santos, SVP-actuarial and risk management Nerissa Santiago, SVP- chief information officer Jovita Aragona, Renato Limsiaco, Jose Tolentino, Dennis Mas, Israel Pargas and Clementine Bautista;

• Ledesma as president-CEO.

Herbosa thrice replied to CID. He claimed that the board was merely a governing body, that it was never informed of the expired anti-virus and that under the Administrative Code, the president-CEO is the head of agency who “exercises overall authority.” Ledesma should’ve appointed a data protection officer but didn’t, he swore.

President-CEO Ledesma alibied that he signed the supplemental budget for antivirus procurement on May 26, 2023. Too, that he “relied in good faith that subordinate offices delegated to comply with the DPA would perform such duties and elevate issues to MEC and board.” He alleged to not know that the Exchange Server was outdated.

MEC jointly averred that the antivirus’ expiration was not relayed to them for action, and that “an updated antivirus is no guarantee against cyberattacks.”

EVP-COO Santos disclaimed responsibility for data protection. He alleged to have volunteered, in the absence of the information management service head, in isolating and eradicating infected files, without paying ransom.

SVP Santiago said that, with no permanent appointee, she was only acting data protection officer.

On Sept. 4, 2024, NPC commissioner John Naga and deputy Leandro Aguirre ruled (deputy Nerissa De Jesus inhibited):

(1) EVP-COO Santos, SVP Santiago, infotech senior manager Nelson De Vera and infotech division chief Alan Sabeniano are liable for negligence.

Punishment under DPA Section 26: three years in prison plus P2-million fine for personal data leak, and six years in prison plus P4-million fine for sensitive data leak.

De Vera and Sabeniano denied any fault.

(2) Provide the Dept. of Justice with prosecutory documents.

(3) PhilHealth shall be fined two percent of previous year’s P228.633-billion gross income – P4.6 billion.

*      *      *

In terms of PhilHealth benefits, P4.6 billion means:

• Dialysis, 907,298 sessions at P5,070 each;

• Hemodialysis, 724,409, P6,350@;

• Cholera, 393,162 treatments, P11,700@;

• Typhoid, 235,897 to 336,996, P13,650-P19,500@;

• Influenza, 357,420 cases, P12,870@;

• Dengue, 235,897 to 336,996, P13,650-P19,500@;

• Leptospirosis, 214,452, P21,450@;

• Cataract, 221,153 surgeries, P20,800@;

• Normal birth, 707,692 deliveries, P6,500@;

• Caesarean, 242,105, P19,000@;

• Mammogram, 1.84 million, P2,500@;

• Breast cancer, 3,285 treatments, P1.4 million@;

• Prostate cancer, 46,000, P100,000@;

• Dental, 4.6 million checkups, P1,000@.

Members are told to check PhilHealth’s portal for case rates. Warning: if you’re sick, you’ll get sicker because the portal is difficult to maneuver even for a techie. More than two thirds are useless items, like rates that expired as far back as 2014.

*      *      *

Catch Sapol radio show, Saturdays, 8 to 10 a.m., dwIZ (882-AM).

Follow me on Facebook: https://tinyurl.com/Jarius-Bondoc

PHILHEALTH

  • Latest
  • Trending
Latest
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with