US ready to help PH combat cyberattacks amid spate of hackings

This month, the Philippine Statistics Authority also suffered a data breach in its Community-Based Monitoring System. (Pixabay Photo)

MANILA – The United States expressed its readiness to help the Philippines find ways to combat cybercrimes and cyberattacks amid the spate of hackings in government websites over the past weeks.

In a roundtable discussion Wednesday, US Ambassador to the Philippines MaryKay Carlson said there is no specific request for assistance from the Philippines as of yet but communication is ongoing on ways to address “all types” of cyberattacks.

“We are already working closely on cyber issues,” she said. “We have a very active coordination on how we can together combat cybercrimes and cyberattacks of all types.”

She said cybersecurity is central to the Philippines-US relations given that data from the US is also tied to Philippine data, especially with the country’s large business process outsourcing sector.

“[W]hen Wall Street closes down a lot of those backroom operations transfer out here so it’s not just Philippine data that is endangered by any attacks here, it’s US data, it’s data globally that could potentially be affected,” she said.

“This is an important issue for US-Philippine relations and we are working very closely with the Philippines on ways that we can combat cyberattacks,” she added.

The Philippine Health Insurance Corp. was earlier subjected to a ransomware attack, with cyberhackers demanding roughly PHP17 million for the compromised database.

This month, the Philippine Statistics Authority also suffered a data breach in its Community-Based Monitoring System.

More funds to counter cyberattacks

On Wednesday, Makati City Representative Luis Campos Jr. called for additional funding of up to PHP3 billion for the Cybercrime Investigation and Coordinating Center (CICC) to bolster the government’s cybersecurity defenses.

Campos cited the need to reinforce the CICC with a highly advanced data fusion hub and a round-the-clock security operations center for threat detection, response and prevention.

“We must bolster the CICC with all the necessary cutting-edge technologies to swiftly produce actionable intelligence against all types of threat actors – from thrill seekers and hacktivists to cybercriminals and cyberterrorists,” Campos said.

Campos noted that the CICC–which is the inter-agency body created by the Cybercrime Prevention Act of 2012 to suppress criminal activities that either target or use a computer, a computer network, or a networked device–has a budget of only PHP347.7 million in this year’s General Appropriations Law.

Campos said the center has only PHP320.8 million under the proposed 2024 national budget.

The center integrates the cybercrime-fighting divisions of the Department of Information and Communications Technology, National Bureau of Investigation, Philippine National Police, and the Department of Justice.

“We must also improve the center’s digital forensics and electronic evidence management systems,” Campos said.

Campos, citing the San Antonio, Texas-based business consulting firm Frost & Sullivan, said that the Philippines could be incurring up to USD3.5 billion (or nearly PHP200 billion) in economic losses every year due to cybercrime.

Cybercrime costs include stolen money, data damage and destruction, lost productivity, personal and financial data theft, intellectual property theft, embezzlement, fraud, post-attack business disruption, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

On Tuesday, 4Ps Party-list Rep. JC Abalos and Minority Leader Marcelino Libanan jointly filed House Resolution 1392, urging the House Committee on Information and Communications Technology to conduct an investigation on the cyberattacks on the Philippine Health Insurance Corporation (PhilHealth), Philippine Statistics Authority (PSA), and the House of Representatives.

PhilHealth’s database was hacked through the Medusa ransomware, which infected 72 workstations and the e-claims, member portal, and collection systems.

To contain the issue, the agency resorted to a temporary shutdown of its website and implemented the manual processing of services.

It was followed by another hacking of the Community-Based Monitoring System of the Philippine Statistics Authority and the website of the House of Representatives.

Abalos said the resolution “signifies a pivotal step in safeguarding data privacy in the Philippines”.

“These incidents highlight the threat to the security and integrity of the digital platforms of our agencies, emphasizing the necessity of implementing additional measures to prevent such occurrences,” Abalos added.