IC warns of cyber attacks targeting insurers and HMOs
The Insurance Commission (IC) has called on all insurers, pre-need companies and health maintenance organizations (HMOs) nationwide to step up their cyber defenses following a series of attacks, which the regulator, could have compromised customer data.
In Circular Letter (CL) No 2021-42 dated June 29, Insurance Commissioner Dennis Funa said that the IC had “received information that some of its regulated entities had been the subject of cyber attacks … which have therefore led to data breaches “.
Specifically, they have suffered from distributed denial of service (DDoS) attacks and ransomware attacks, Funa said.
âSuch data breaches have led to data theft which, according to reports received by [the IC], may have included customer medical information, copies of ID cards, bank account statements, claim forms, payment records and contracts, âhe said.
The Inquirer asked Funa about the companies that have fallen victim to these attacks and the implications for their operations, but was yet to respond at the time of publication.
Funa has ordered all entities regulated by IC to “take all precautions to mitigate the risk of such cyber attacks and related risks, including upgrading their cybersecurity measures and continuing education of their IT and communications staff.” amid “alarming” cyber attacks targeting finance service providers.
Companies have also been ordered to comply with the provisions of the data protection law, such as implementing privacy and data protection measures and reporting data breaches.
Last year, the Ministry of Finance ordered its attached agencies, including the IC and Government Financial Institutions (GFIs), to unite to cost-effectively strengthen their defenses against cybercriminals.
Finance Secretary Carlos Dominguez III had called on all international financial institutions, public insurers, pension funds and revenue and treasury agencies under his leadership to reach an agreement on shared cyber defense strategies in order to avoid data breaches.
The order covers GFIs Development Bank of the Philippines, Land Bank of the Philippines and United Coconut Planters Bank (UCPB), as well as IC, Philippine Deposit Insurance Corp., Philippine Health Insurance Corp., Government Service Insurance System, Social Security System , the Customs Office, the Tax Office and the Treasury Office.
As a reminder, hackers amassed 167 million pesos from the state-run UCPB in June of last year, so Dominguez pledged to strengthen GFI’s data security measures. . INQ
Subscribe to INQUIRER PLUS to access The Philippine Daily Inquirer and over 70 other titles, share up to 5 gadgets, listen to the news, download from 4 a.m. and share articles on social media. Call 896 6000.
For comments, complaints or inquiries, contact us.