PhilHealth hackers could face up to 20 years jail time — PNP

The hackers who leaked data from a recent ransomware attack against the Philippine Health Insurance Corporation (PhilHealth) may face up to 20 years of imprisonment, the Philippine National Police (PNP) said on Friday.

PNP spokesperson Police Colonel Jean Fajardo told GMA News Online that the hackers committed a crime punishable under Republic Act No. 10175 or the Cybercrime Prevention Act of 2012.

“Unauthorized access to a computer system is a criminal offense, and the hacker could face both criminal charges and civil liability for damages,” she said in a text message.

“Hacking and other illicit computer-related acts such as illegal access, illegal interception, data interference, system interference, and misuse of devices which includes unauthorized use of passwords, access codes, or similar data are all punishable with six to twelve years imprisonment and fines. Reclusion temporal for Illegal Access since Philhealth can be considered as critical infrastructure,” she added.

According to her, the penalty of reclusion temporal shall be from twelve years and one day to twenty years.

Those who will be found guilty may face up to a P10 million-fine, the law also stated.

On Thursday, the Department of Information and Communications Technology (DICT) said hackers have leaked the compromised data from the ransomware attack against PhilHealth.

The DICT said the Confucius group uploaded a copy of over 600 gigabytes of files to a website and a Telegram channel after 4 p.m. on October 5, two days after the deadline for a ransom payment of about $300,000, or approximately P17 million, expired.

A video of the leaked information showed photos, bank cards, and transaction receipts of the victims, among others.

On Friday, the DICT clarified that the transaction data of some PhilHealth members were leaked but the members' database was not affected by the cyberattack.

DICT Undersecretary Jeffrey Dy said their analysis showed that there were no remnants of the Medusa malware in the members' database. — RSJ, GMA Integrated News