On Friday, the World Health Organization’s office in the Philippines clarified that it neither collects, processes, nor stores the personal data of Filipino citizens. The statement comes in response to reports about a purported WHO data breach.
The organization emphasized that it does not handle personal data, which solely falls under the jurisdiction of national governments. It was released due to the growing concerns and rumors regarding a possible security breach in the World Health Organization’s (WHO) database, which is said to include COVID-19-related records.
“During the COVID-19 pandemic, WHO collected from national health authorities around the world data that is aggregated at a population level, for example on the total numbers of COVID-19 infections, deaths, and vaccine doses administered in the country. These data are crucial for monitoring the progress of COVID-19 vaccination efforts nationally and globally”, reads the statement.
WHO clarified that their focus during the COVID-19 pandemic had been centered on gathering aggregated, population-level data from national health authorities across the globe.
WHO data breach concerns: COVID-19 Data at Risk?
The World Health Organization categorically denied any reports of a World Health Organization Data Breach related to its databases, labeling such claims as “false and inaccurate.”
The organization asserted its commitment to principles governing personal data protection, aligning with the United Nations Principles on Personal Data Protection and Privacy.
Last Tuesday, the Department of Information and Communications Technology (DICT) had expressed its intention to assist in investigating the alleged WHO database data breach.
The DICT spokesperson, Assistant Secretary Renato Paraiso, revealed that the WHO data breach was discovered by the Philippine National Computer Agency Response Team.
Paraiso disclosed that sensitive personal information, including names, addresses, birthdays, mobile numbers, email addresses, blood types, and medical histories of individuals enrolled in the COVID-19 vaccination program, may have been compromised in this WHO database data breach.
However, the extent of the WHO data breach remains unclear as the DICT has yet to gain access to WHO records.
What’s next in the WHO data breach incident?
The international nature of the World Health Organization Data Breach poses a challenge for the DICT, as jurisdictional limitations prevent direct intervention without a formal request from the WHO or the Philippine government.
Paraiso emphasized that cooperation from the WHO is essential for a thorough investigation into the breach, stating, “If they do not request us to participate, we cannot ask them for their logs and do a deep dive into their systems to ascertain what went wrong.”
WHO, however, denies this breach, stating, “WHO does not have access to underlying personal data, which is the exclusive domain of governments. Reports that a data breach linked to WHO or WHO-hosted databases has occurred are false and inaccurate. WHO abides by principles related to personal data protection embodied in the United Nations Principles on Personal Data Protection and Privacy“.
As the situation unfolds, questions linger regarding the alleged WHO database data breach.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.