Enhanced cybersecurity services pushed amid PhilHealth hack

He cited as an example the ongoing cyberattack on PhilHealth’s database wherein cybercriminals have asked for USD300,000 in exchange for handing over decryption keys, as well as deleting and not publishing the data they illegally obtained. (PNA file photo by Joan Bondoc)

MANILA – Senator Win Gatchalian on Sunday called on all government agencies and the private sector to beef up their protection against cybersecurity threats, taking note of the hacking of the Philippine Health Insurance Corp. (PhilHealth) that remains unresolved.

“It is high time that we take the necessary steps to protect our critical information infrastructure by ensuring, at the minimum, compliance with international standards and globally accepted best practices for cybersecurity,” he said in a news release.

Gatchalian filed Senate Bill 2066, or the Critical Information Infrastructure Protection Act, mandating all covered critical information institutions (CII) to adopt and implement adequate measures to protect their information and communications technology (ICT) systems and infrastructures and respond to and recover from any information security incident.

It also mandates the Department of Information and Communications Technology (DICT) to determine and update information security standards and require CII institutions to comply with such standards.

The proposed bill also mandates the National Computer Emergency Response Team (NCERT) to act as the central authority for computer emergency response teams in the country and to administer the centralized information security incident reporting mechanism that would cover industries that include banking and finance, broadcast media, emergency services and disaster response, energy, health, telecommunications, and transportation, among others.

Gatchalian said more Filipinos and businesses rely on digital technologies to perform their daily tasks, especially after the Covid-19 pandemic.

On the average, Filipinos are estimated to use and consume 4.3 more digital services compared to pre-pandemic years.

E-commerce also continues to grow exponentially, and sales are expected to be valued at USD10.3 billion by 2025, the senator said, citing estimates made by GlobalData.

“With the increased use of digital technologies in our daily lives, malicious actors from casual scammers to highly sophisticated state-based groups, hunt for vulnerabilities in ICT systems and networks to steal information, disrupt essential services, and profit from attacks,” Gatchalian said.

He cited as an example the ongoing cyberattack on PhilHealth’s database wherein cybercriminals have asked for USD300,000 in exchange for handing over decryption keys, as well as deleting and not publishing the data they illegally obtained.

“The adoption and implementation of minimum information security standards is a globally accepted best practice to provide guidance, which would lead to more efficient use of resources, improved risk management, consistent delivery of critical and essential services and effective protection of the confidentiality, integrity, and availability of information that is vital to the nation,” he said.