THREE weeks back, specifically on Sept. 22, 2023, the Philippine Health Insurance Corp. (PhilHealth) shut down its website and online services, including the main conduit between the agency and its members, aka “the portal”, in response to a security breach. Very bad news!
Probing through news reports, I am even more frustrated with the apparent ineptitude and perpetual “passing of buck” that agency heads are inclined to do – and are doing – whenever something horrible happens! Goodness, it’s the age of digitalization. The buck stops with you!
I first learned about the hacking on the last week of September when a family member went to PhilHealth-Tagbilaran City Office to pay for our quarterly contributions. We were told the government agency’s system is hacked! Heck!
Tuesday this week, I, again, proceeded to the same office, only to be told the system is still down. Oh my…I sat for a while absorbing the enormity of the information I just gathered, and in the process, was able to observe everyone who came to pay their offices’ regular contributions feeling utterly dejected when told the system is still inoperative. There was a pregnant woman who was concerned about her insurance coverage considering her upcoming childbirth. There was one lady who asked about the “holes” in her payment – meaning, broken payment – which was promptly answered by, “just pay the unpaid months to update your status,” among others.
Let’s digest. There’s a cyberattack! And we are not prepared! Technology or conventional, our government system pathetically lags! It’s laughable if it weren’t a serious matter. Then, the expected fault-finding and passing of buck; hackers demanding ransom; politicians weighing in; experts talking; PhilHealth giving forth repeated assurances. All these while services to us – Filipino clients – are interrupted.
Blame game. PhilHealth blames the hack on new procurement rules. Pray tell, what’s the relationship between a hack and this new set of procurement rules. Eli Santos, executive vice president and chief operating officer of PhilHealth, said the failure to renew subscription of licenses for the antivirus software was due to the new rules set by the Government Procurement Policy Board, and this failure made its computer system outdated and vulnerable to cyberattacks. Santos explained though that “incident response” and antivirus systems are currently in place to fix the data breach issue.
First, we blame the new procurement rules, hence, our paralysis, then when the breach inevitably happened, the antivirus systems are in place. What? I couldn’t quite comprehend the contradiction!
Communication lens. I worked in the power industry for twenty years in the field of leadership communication. When a crisis hits, we immediately shift to crisis mode. What happens to PhilHealth is a colossal crisis.
In our training, when a situation is damaging, the company must find an ally in truth. Face the issue head on. How is this done? Own the problem – no use rationalizing or justifying; you will only come out dishonest or distorting the truth and losing your credibility – if you haven’t lost it yet. Then, swiftly act on the best course of action.
Given the weight of this problem, a crisis management team should have been formed as early as September 22, 2023 – or earlier if initial movement was detected, and the team working until the wee hours to ensure that the most effective communication plan (COMMPLAN) is in place. This comprises the official company statement owning the crisis situation and the identified steps to manage it; the appointment of an official spokesperson – not just the chief executive officer or its equivalent position – a highly-trained individual to engage the different agency clients particularly the media; first-hour press conference to disclose the crisis; frequent release of information – as soon as available – for dissemination to the public via the various media platforms; active and sustained collaboration with news reporters/media outlets, other government agencies, the private sector, and most especially PhilHealth members; interview with print and broadcast media; and the like.
For a solid communication campaign with cohesive information, the following maybe done while the crisis is ongoing: interviews with company spokesperson; regular release of advisories; updated news releases; holding of press conferences; availability to engage experts and key groups; among others.
The COMMPLAN will continue to work while troubleshooting is done on the beleaguered system, government authorities are locating the culprits, and agency heads are figuring out how not to be incapacitated by new procurement rules (no pun intended!) in the succeeding months.
Finally, the dissemination of correct information down the line – that is – is crucial in the provincial offices. Thus, PhilHealth must designate personnel to manage key information desks in all their offices to appease the worried public while the crisis is not resolved yet. Don’t rely on what’s published in the news. Your personnel on the ground should have a ready answer for your members.
As the saga continues, we want to remind the leaders of PhilHealth that protecting its online services is not only a must in good governance, but also an obligation of the state towards its citizens – the Filipino people – who are members of PhilHealth. Passing the buck simply won’t cut it.
***
The writer hosts Woman Talk with Belinda Sales at 91.1 Balita FM Tagbilaran City every Saturday, 2 p.m. to 3:30 p.m. She can be reached at belindabelsales@gmail.com. Twitter @ShilohRuthie./PN
