PhilHealth may adopt other procurement methods to update security

By Ruth Abbey Gita-Carlos

October 6, 2023, 7:49 am

MANILA — The Philippine Health Insurance Corporation (PhilHealth) may resort to any procurement method to update its cyber and infra security systems to thwart future cybersecurity attacks, the Government Procurement Policy Board (GPPB) said Thursday.

In a statement, the GPPB-Technical Support Office (TSO) said online procurement does not apply to PhilHealth since it has an existing subscription for antivirus software.

“This means that they have an existing contract with a locally available supplier, which, therefore, means that the cited GPPB Resolution will not apply,” it said, referring to GPPB Resolution 05-2022 which authorizes online purchase of items worth not more than PHP1 million.

“Hence, PhilHealth is authorized to conduct Public Bidding or adopt any of the alternative methods of procurement, as may be applicable, depending on their project requirements, or, at their option, avail the Guidelines on the Renewal of Regular and Recurring Services issued through GPPB Resolution No. 06-2022,” the GPBB-TSO added.

The statement was issued in response to PhilHealth executive vice president and chief operating officer Eli Santos’ remarks that the agency’s failure to renew its subscription licenses for antivirus software makes its computer system and data vulnerable to hacking.

The GPBB-TSO clarified that the new procurement process cited by Santos “pertains only to online subscriptions where there is no locally available provider and can only be directly purchased online using a credit card.”

It also stressed that the online procurement is subject to the issuance of a certification by the head of the procuring entity to pave the way for a “more expeditious and inexpensive mode of payment as required by COA Circular No. 2021-014.”

“Allow us to emphasize that the decision on the project requirements and procurement modality to be adopted is based on the sound procurement management decision of the PhilHealth as the procuring entity,” the GPPB-TSO said.

“It is likewise worthy to note that procurement rules, particularly the modalities available, are not limiting and are designed to enable the adoption of the most appropriate modality given the requirements of the procuring entity, which they, themselves, set in their Bidding Documents.”

The GPPB-TSO said it also conducts procurement training for various national government agencies, government-owned or -controlled corporations (GOCCs), and other institutions such as PhilHealth to help equip their personnel with the relevant and necessary skills and knowledge in procuring goods and services.

“Rest assured that the communication lines of the GPPB are always open for our colleagues in government, as well as our other stakeholders, should they have questions or needed information for purposes of clarification to avoid similar confusion,” it said.

Last month, PhilHealth's database was hacked through the Medusa ransomware which infected 72 workstations and the agency's e-claims system, member portal system, and collection system.

The agency resorted to a temporary shutdown of its website and implemented manual processing of its services to contain the issue. (PNA)