Be proactive vs cyber hacking, government, private sector urged | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

MANILA, Philippines — Government agencies and the private sector should take a proactive stance against cyber attacks in the aftermath of the successful Medusa ransomware attack on state universal health care insurer Philippine Health Insurance Corp. (PhilHealth), Information and Communications Secretary Ivan John Uy said yesterday.

“In the future, there will still be more of this. And we need to expect that… we need to anticipate that. And we need to prepare for that,” Uy said during the launch of Cybersecurity Month this October at the Department of Information and Communications Technology (DICT) central office in Quezon City.

Drawing a parallel to fire prevention where people should buy fire extinguishers and smoke detection systems, Uy said organizations should make sure to have cybsersecurity tools to protect them from hacking.

While cybsersecurity tools may come at a price, Uy said that falling victim to cyber hacking was going to be more costly. “There is greater cost in data breaches or destruction of information systems. So we need to be proactive,” Uy said in mixed English and Filipino.

Uy said the DICT, in coordination with their Cybersecurity Bureau and Cybercrime Investigation and Coordinating Center, and law enforcement agencies are investigating the PhilHealth ransomware breach. He added that the DICT was watchful of the next moves of the cybercriminal syndicate behind the attack, after the hackers failed to get the $300,000 ransom demanded from PhilHealth.

“They will try to monetize the information. They will try to do this by selling the information to scammers, to phishers who can use that data to get fake IDs, (get) SIM card registered with the fake information, or whatever… So we are monitoring that. Because they made no money from it. So they will find a way to monetize the information,” Uy said.


Scroll to continue

He said that a report that was submitted to him showed that the Medusa ransomware hackers had stolen some 600 gigabytes of data. “The concern of DICT now is, our analysts are looking at the data and information that they are posting on the different platforms,” he said.

Uy elaborated that the hackers were posting data links to the stolen information to get curious people to download or click not knowing they have inserted a malware on the link with which they can hack more people. However, he said that the sweep has so far showed that PhilHealth members’ database was not breached.

The DICT chief also stressed they need adequate funds, and some confidential or intelligence funds to procure cybersecurity tools under the radar of hackers, whether local or foreign.

“The cybersecurity budget of DICT keeps getting smaller. Starting from P1 billion (in 2022) cut to P600 million (2023) and in 2024 only P300 million. As the threat increases and widens, our cybersecurity budget is shrinking,” Uy lamented.

Cybersecurity Awareness Month

As the PhilHealth is facing controversy over a cyber attack that affected its application server, Malacañang issued a proclamation transferring the observance of Cybersecurity Awareness Month from September to October.

This was done through Proclamation No. 353, which sought to “synchronize the Philippines with the international observance of Cybersecurity Awareness Month in October.” It was also meant to “further signify the country’s unwavering commitment towards a unified approach in the digital era of governance.”

Proclamation No. 353 amended Proclamation No. 2054, which declared the month of September as Cybersecurity Awareness Month in 2010. The proclamation directed all other government entities and encouraged local governments, non-government organizations and the private sector to support the DICT and to actively participate in the annual observance.

Malacañang noted that the DICT Act of 2015 declares it a policy of the state to “ensure consumer protection and welfare, data privacy and security and foster competition and the growth of the information and communications technology sector.” The Data Privacy Act of 2012, meanwhile, mandates the state to ensure that personal data in information and communications systems in government and private sector are secured and protected.

Philippine Health Security Act

In light of the PhilHealth data breach caused by Medusa hackers, Quezon 4th district Rep. Keith Micah Tan has called for the immediate passage of the proposed Philippine Health Security Act.

House Bill 283, which was filed by Tan on 30 June last year, could have stalled the staggering data theft and leakage had it been passed by Congress. The measure addresses the need to prevent and cushion the impact of data breaches in the health sector through the creation of an inter-agency Philippine Health Security Council, which will be tasked to craft a national health security plan that can accelerate the implementation of the country’s International Health Regulations or IHR core capacities.

“The bill not only seeks to establish a health security national action plan and strengthen institutional capacity to implement disease prevention, surveillance, control, and response systems… including cyber-related breaches that may affect the operation of medical devices and compromise the integrity of health-related information,” Tan explained. — Michelle Zoleta, Alexis Romero


Click Here For The Original Story From This Source.

National Cyber Security