The members of Maxicare HealthCare Corporation have been informed of a likely data breach that concerns their personal details.
The rupture came from a separate database that belonged to Lab@Home, a third-party laboratory service provider.
Active research is ongoing at Maxicare with the aim of sharing more information on the happening.
Maxicare HealthCare Corporation a Philippines-based healthcare service provider, recently issued a letter to its members stating there was a possibility that their personal and even medical data was compromised. The breach was, however, identified on June 13, 2024, after external access to some of Maxicare’s information systems was identified.
The stolen information was forwarded to Lab@Home, a third-party lab service provider that Maxicare members can utilize for home laboratory testing. Lab@Home maintains a different database and the two are not interconnected; they reside within the Maxicare network.
We also want to clarify that there is no need for members to go to the hospital immediately as Maxicare has addressed the concerns of its members. They are still exploring how to avoid more such Cases in the future with regard to the Company and are currently trying to determine the severity of the breach. Specifically, Maxicare has assured the public that it will release more information as it comes in with reference to its operations.
This attack is one of many cyber-attacks in the Philippines targeting different organizations like the Philippines National Police Firearms and Explosive Office (PNP-FEO), Department of Science and Technology (DOST), Maritime Industry Authority (MARINA), Toyota Motor Philippines, Robinsons Land Corporation and many others More recently Maxicare has informed the National Privacy Commission of the breach and is likely to take certain measures on the protection of personal information.
The unidentified DICT official quoted in the article is Jeffrey Ian C. Dy, the DICT Undersecretary for Infostructure Management, Cybersecurity, and Upskilling who was interviewed by the Manila Bulletin and cited an NAERT report that showed that the leakage of the personal data of Maxicare members started when a hacker chanced upon the login details of the third-party computing service provider. These credentials were used by the actor to get into the system inappropriately and extract the data that was in the system.
The personnel under the Undersecretary Dy said that they are willing to work closely with the NPC and are ready to help Maxicare if the latter may need it. He also gave a quadrupedal warning to all organizations noting that, this is a clear indication that the password policy is no longer safe and all organizations should adopt Biometric authentication or any other form of Multi-Factor Authentication. It also helps the organization to avoid future occurrences of a similar nature by identifying ways of doing things right.
Also, he emphasized that all public and private corporations have to exert increased vigilance when selecting outsourcing partners and demand that such partners apply high degrees of security in their operations. This is not just advice, it is imperative for this generation and the future tech-savvy generations to come.
This is not the end, but only the beginning of the malicious activities that could entail the risk of personal information leakage; Maxicare members are encouraged to be careful and report any abnormal activities in their accounts securely through the website. The company has also committed to raising the bar in terms of organizational security and preventing future leakages.
