The Insurance Commission (IC) has directed all insurers, pre-need firms and health maintenance organizations (HMOs) in the country to strengthen their cyber defenses following a spate of attacks, which the regulator warned might have compromised customers’ data.
In Circular Letter (CL) No. 2021-42 dated June 29, Insurance Commissioner Dennis Funa said the IC had “received reports that some of its regulated entities have been the subject of cyber attacks … that consequently led to data breaches.”
Specifically, they experienced distributed denial of service (DDoS) attacks and ransomware attacks, Funa said.
“Such data breaches led to theft of data which, according to reports received by [the IC], may have included customer medical information, copies of identification cards, bank account statements, claims forms, payment records, and contracts,” he said.
The Inquirer asked Funa about the companies that fell victims to these attacks and the implications on their operations, but he has yet to reply as of press time.
Funa ordered all IC- regulated entities to “take all precautions to mitigate the risk of such cyber attacks and related risks, which include upgrading their cybersecurity measures and further training of their information and communications technology personnel” amid the “alarming” cyber attacks targeting financial services providers.
Companies were also ordered to comply with the Data Privacy Act’s provisions such as the implementation of privacy and data protection measures and data breach reporting.
Last year, the Department of Finance ordered its attached agencies, including the IC and government financial institutions (GFIs), to band together to cost-effectively strengthen their defenses against cyber criminals.
Finance Secretary Carlos Dominguez III had asked all GFIs, state-run insurers, pension funds, and revenue and treasury agencies under his watch to forge an agreement on shared cyber defense strategies as a step to avoid data breaches.
The order covers GFIs Development Bank of the Philippines, Land Bank of the Philippines and United Coconut Planters Bank (UCPB), as well as the IC, Philippine Deposit Insurance Corp. , Philippine Health Insurance Corp. , Government Service Insurance System, Social Security System, the Bureau of Customs, the Bureau of Internal Revenue, and the Bureau of the Treasury.
To recall, hackers amassed P167 million from state-run UCPB in June last year, such that Dominguez had committed to buttress the GFIs’ data security measures. INQ