Several cases of alleged leaks of the government’s health data have occurred in Indonesia. The most recent one is the alleged data leak in Indonesia’s Health Alert Card or eHAC application managed by the Ministry of Health before it was merged into the PeduliLindung application.
A number of information technology experts have reminded the government to be careful with securing population data. Because in the digital era like today, data is a vulnerable element that must be protected so that it is not misused in a cybercrime.
In addition, the population data can also be used to analyze and map the behavior of residents in conflict situations or political engineering through social media and the internet, such as before the general election.
Here are a number of cases of alleged government health data leaks:
In May 2021, BPJS experienced a data breach, in which as much as 279 million Indonesian data was leaked and sold on a hacker forum.
The leaked data includes the data of the TNI and Polri members. The data sold on the forum consists of full name, ID card, telephone number, email, NID, and address.
The police also carried out an investigation related to the sale of data which was allegedly originated from the state-owned company. The Badan Reserse Kriminal (Bareskrim) Polri had also conducted a search towards the BPJS office for three days.
The data leak from the Indonesia Health Alert Card or eHAC application was first disclosed by a research team from vpnMentor, on July 15. At that time, vpnMentor had tried to contact the Ministry of Health regarding the data leak but received no response.
It was only on August 22 that the vpnMentor report received a response from the Badan Siber dan Sandi Negara (BSSN). As a result, on August 24, BSSN decided to take action by disabling the server of the old version of eHAC.
According to vpnMentor, the number of leaked eHAC data reached 1.4 million people, and 1.3 million people have been exposed.
President Jokowi’s Vaccine Certificate and NIK
President Joko Widodo’s (Jokowi) vaccine certificate was leaked and circulated on the internet. The screenshot that was circulating on the internet looked similar to the vaccine certificate available at PeduliLindung.
The screenshot poses the image of a Covid-19 Vaccination Certificate in the name of Ir. Joko Widodo with information about the date of birth, Nomor Induk Kependudukan (NIK), QR code, vaccination ID number, type of vaccine used, and the date the vaccination was carried out.
In addition, other internet users also shared photos of Jokowi’s e-KTP that contains information about his addresses and personal data without any censorship at all. As a result, Jokowi’s NIK can be easily accessed by the public.