MANILA – The Department of Information and Communications Technology (DICT) pushed for the creation of a cybersecurity law in the Philippines to enable it to investigate cyberattacks against the private sector, following the security breach against Maxicare.

DICT Undersecretary Jeffrey Dy said the National Computer Emergency Response Team could not even ascertain the extent of the data leak because it does not have access to the system of the health maintenance organization (HMO) provider.

Maxicare reports data breach to NPC

He said private companies are not mandated to report cybersecurity threats to the government unless they involve a data breach.

“This particular case, because they’re a private company and this involves personal information, malamang si NPC (National Privacy Commission) ang mag-iinvestigate kay Maxicare,” he said in an interview with ABS-CBN News on Wednesday,  

Dy hopes to make the reporting of all types of cybersecurity incidents mandatory, particularly for private firms that have critical information infrastructure such as those in the power, water, and health sectors.

Marcos approves 5-year national cybersecurity plan

“Ito yung mga kulang sa ating cybersecurity defense posture sa Pilipinas e. The National Computer Emergency Response Team does not have visibility even to our critical information infrastructures. Example, the ICT systems of the power sector, yung nagpapatakbo ng power grid, yung ICT systems ng nagpapatakbo ng water, ng dams,” he said.

“There should be a law that mandates them na government should be able to investigate for the welfare of the people,” Dy added.

DICT: 2TB of data affected in DOST cyberattack

Dy said the DICT has already submitted a draft bill to Congress and he is hopeful that lawmakers will support it.

Maxicare said it reported the data breach that hit its third-party service provider to the National Privacy Commission.