The Philippine Statistics Authority (PSA) sent a breach notification to the National Privacy Commission (NPC) on Tuesday, two weeks after the NPC reported the data breach on the Philippine Health Insurance Corp. (PhilHealth) servers.
The NPC said it cannot disclose any information yet on the PSA incident, as it will still need to verify the report and determine if it is indeed a data breach.
Meanwhile, on the leaked data from PhilHealth, the Privacy Commission advised all personal information controllers (PICs) and personal information processors (PIPs) of bank and non-bank financial institutions, public and private hospital and public telecommunication entities to keep of tight watch for questionable transactions where leaked personal details may be used.
The NPC issued the guidance Wednesday underscoring the urgent concern posed by the potential proliferation of counterfeit PhilHealth Identification Cards (IDs) in light of the recent incident.
The Commission advised all vulnerable institutions to exercise heightened vigilance in detecting and preventing the fraudulent use of counterfeit PhilHealth IDs during various transactions.
The guidance, issued Wednesday, noted several associated risk for banks and non-bank financial institutions such as identity theft, financial fraud and money laundering.
The Commission noted that fraudsters may exploit fake PhilHealth IDs to open fraudulent bank or financial accounts or conduct unauthorized financial transactions. This can lead to significant financial losses for both the bank and its customers.
Counterfeit IDs can also facilitate money laundering activities within the banking system, potentially exposing banks to legal and regulatory consequences.
NPC warned hospitals that fraudulent IDs may be used to claim healthcare benefits and services, leading to unwarranted financial burdens on hospitals and potentially compromising patient care.
In addition, the use of counterfeit IDs may also result in unauthorized access to patient records and sensitive medical information, jeopardizing patient privacy and confidentiality.
The Privacy Commission also called the attention of telecommunications companies since fake PhilHealth IDs may be used in the registration of SIM cards, that may lead to identity theft. Fake card users can also engage in criminal activities such as fraud, harassment, and scams while remaining anonymous.
The NPC reminded all concerned PICs, PIPs, and data subjects to take the advisory seriously and remain vigilant, refraining from any actions that could jeopardize their personal data.
It also called on the public to inform the agency should there be relevant information related to the use of counterfeit PhilHealth IDs.