The DICT is investigating the Philhealth Hacking Issue
Philhealth Ransomware Attack – Why do we always tend to find remedies rather than think of ways to prevent a bad thing from happening?
It is quite shocking that a company, under the government’s umbrella, was infiltrated by a group of hackers trying to squeeze money out of the public fund. Philhealth stated that the information of the members was safe despite the attack, even though it refused to pay $300,000 (P17,063,850) in ransom money for the stolen data.
Following that attack, the Department of Information and Communications Technology (DICT) released guidelines to ensure that this kind of cyber attack will not happen again.
In a report from Inquirer, DICT stated that the agency is already investigating the Philhealth ransomware attack.
“The DICT condemns the ransomware attack carried out against PhilHealth in an attempt to illegally access the information of its members. We shall continue to investigate and monitor the acquired logs from PhilHealth’s affected systems,” the agency stated.
DICT also said that it is working on restoring Philhealth’s security. It also vowed to protect the government system and infrastructure from this kind of malicious cyber attack.
These steps, ways, or measures sound good and promising but can’t they point out the cause of the problem?
Infrawatch PH Convenor Terry Ridon said earlier this week, based on the report from CNN Philippines that accountability must be implemented. He said that Philhealth has the highest budget among the Government-Owned and Controlled Corporations (GOCCs) but it failed to protect its system from hackers.
In Filipino, there is this saying, “nasa huli ang pagsisisi.” It is because we tend to forget to prevent bad things from happening and just go for the remedy or just make a massive effort to find a solution.
As the common mantra goes, “an ounce of prevention is better than a pound of cure,” government agencies should have thought this way. Why they did wait for the cyber attack to happen before ensuring the system would not allow it again to happen?
The bottom line is that the problem already happened because you failed to find ways to prevent this from happening or perhaps you were just too lazy to do it. With this age of technology, experts in the IT department of the government should have known that their systems can be hacked. With this kind of acknowledgment, then, they can do procedures to prevent this.
But why, oh why did they wait for the ransomware attack to happen first before doing something on this aspect? Perhaps, I will say this famous line on TV to those IT experts in different government departments, “Hoy, gising!”