top of page

Pinoy medical records compromised after WHO cyberattack - DICT

Data information related to the Philippines’ coronavirus vaccine program may have been leaked following a reported online hacking attack into the World Health Organization (WHO) database, the Department Of Information And Communications Technology (DICT) said on Monday.

DICT Spokesperson Aboy Paraiso said monitoring of the agency’s computer emergency response team confirmed the COVID-19 vaccination database of the WHO for the Philippines and India was compromised.

At risk are sensitive personal information of people who signed up for the COVID-19 vaccination program including their full names, addresses, birthdays, mobile numbers, email addresses, blood types, and medical histories.

“Our capability is limited because from all indications this is an international organization that was hacked and our jurisdiction is very limited. As far as we can say, it’s all COVID-19 related information,” said Paraiso in Maki Pulido’s report on “24 Oras”.

GMA Integrated News sought comment from WHO but the United Nations agency has yet to respond.

Security analyst Karla Cruz said around 180 million data sets were hacked and released to the dark web. She warned this poses a danger to the public.

“This is bigger than COME-leak (referring to the 2016 hacking attack against the Commission on Elections). This is bigger than PhilHealth. This is the biggest I think because it includes children. This is so detailed,” said Cruz.

“I can get a credit card in your name. Mag-shopping ako online…Kuha ako ng bagong sim card, OTP, (I can shop online. Buy new sim cards, and get OTP.)” she warned.

DICT’s Paraiso said: “If it can be linked to your financial data then it would be possible. I don’t want to downplay it na hindi siya mangyayari. It’s possible”.

(If it can be linked to your financial data then it’s possible. I don’t want to downplay it and say it won't happen. It's possible.)

To remain safe from cyberattacks, experts advised the public to change passwords every three months, activate multi-factor authentication in accounts and to use strong passwords. —Sundy Locus/RF, GMA Integrated News



bottom of page