On Friday, the World Health Organization’s office in the Philippines clarified that it neither collects, processes, nor stores the personal data of Filipino citizens. The statement comes in response to reports about a purported WHO data breach.
The organization emphasized that it does not handle personal data, which solely falls under the jurisdiction of national governments. It was released due to the growing concerns and rumors regarding a possible security breach in the World Health Organization’s (WHO) database, which is said to include COVID-19-related records.
WHO clarified that their focus during the COVID-19 pandemic had been centered on gathering aggregated, population-level data from national health authorities across the globe. This includes compiling statistics on the number of COVID-19 infections, fatalities, and the volume of vaccine doses administered.
WHO data breach concerns: COVID-19 Data at Risk?
The World Health Organization categorically denied any reports of a WHO data breach related to its databases, labeling such claims as “false and inaccurate.”
The organization asserted its commitment to principles governing personal data protection, aligning with the United Nations Principles on Personal Data Protection and Privacy.
Last Tuesday, the Department of Information and Communications Technology (DICT) had expressed its intention to assist in investigating the alleged WHO database data breach.
The DICT spokesperson, Assistant Secretary Renato Paraiso, revealed that the WHO data breach was discovered by the Philippine National Computer Agency Response Team.
Paraiso disclosed that sensitive personal information, including names, addresses, birthdays, mobile numbers, email addresses, blood types, and medical histories of individuals enrolled in the COVID-19 vaccination program, may have been compromised in this WHO database data breach.
However, the extent of the WHO data breach remains unclear as the DICT has yet to gain access to WHO records.
What’s next in the WHO data breach incident?
The international nature of the WHO data breach poses a challenge for the DICT, as jurisdictional limitations prevent direct intervention without a formal request from the WHO or the Philippine government.
Paraiso emphasized that cooperation from the WHO is essential for a thorough investigation into the breach, stating, “If they do not request us to participate, we cannot ask them for their logs and do a deep dive into their systems to ascertain what went wrong.”
As the situation unfolds, questions linger regarding the alleged WHO database data breach. The Cyber Express has sought clarification from the WHO, but as of now, no official statement or response has been received.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.