Records of 13,000 Maxicare members exposed in latest data breach

MANILA, Philippines — Maxicare Healthcare Corp. on Wednesday confirmed the reported security breach that exposed personal information of some 13,000 members or less than 1 percent of its membership base.

In a statement, the insurance and healthcare plan provider said they were informed on June 13 about the unauthorized access to the personal information of members who used the booking platform of their third-party homecare provider, Lab@Home.

“Compromised information may include those used for booking requests, but no sensitive medical information was exposed,” the company said.

READ: Maxicare latest victim of data breach

“At this point, what we can confirm is that the business operations, network, and customer data of Maxicare have not been impacted in any way,” it added.

The company said its Lab@Home maintains a separate database for booking requests, which is not integrated with Maxicare’s system.

Emergency measures have also been implemented to ensure the privacy and safety of members who are possibly affected, according to the company.

“We launched an investigation together with a team of data security professionals and in partnership with an industry-leading cybersecurity firm,” Maxicare said.

“Our team is fully adhering to all regulatory requirements by the National Privacy Commission (NPC). We will continue to communicate with our valued members on this matter,” the company said further.

The NPC confirmed a day earlier that the company had notified them of the data breach last June 16, well within the 72-hour notification requirement provided by the law.

To date, Maxicare has 1.8 million members with 18 Maxicare primary care clinics, one wellness rehabilitation center, and two Maxicare wings in major hospitals, according to its website.

The company said it also has more than 20,000 affiliated doctors and specialists and is linked with over 1,300 hospitals and clinics, over 700 dental clinics, as well as 140 rehabilitation, dialysis, and eye centers.

Consumer rights issue

Meanwhile, a consumer rights group said they were alarmed by the recent spate of these data leaks involving customer records of big private companies.

READ: Hackers gain access to sensitive DOST data

Lawyer Simoun Montelibano Salinas, the spokesperson for the Malayang Konsyumer group, said the severity of the Maxicare breach and those involving Toyota Motor Philippines and Robinson’s Land constituted violations of the Data Privacy Act.

“Consumer data protection is of utmost importance, especially due to reports that the illicitly gathered data are allegedly being sold to the highest bidder. This violation puts into question the policy of digital integrity that the state should be implementing, and places the rights of our consumers to privacy in severe jeopardy,” he said in a message to the Inquirer.

He said that these were even more alarming given the recent data breaches of official government databases that had been taking place since the start of 2024.

“The fact that the attackers are now able to breach the private consumer data of private corporations means that the culprits are now acting with more sophisticated technology, as well as more illicit means and methods,” he said.

Because of these incidents, Salinas said the group is urging the Department of Justice and the National Bureau of Investigation to act swiftly and apprehend the responsible actors behind these data breaches.

The Malayang Konsyumer official also called on the NPC and the Department of Information and Communication Technology to expand the data protection and reporting mechanisms to protect consumers’ data against these breaches.