JAKARTA - Member of Commission I DPR RI, Muhammad Iqbal, regretted the alleged data leak from a government-owned application, namely the Electronic Health Alert Card (eHAC) application. There are at least 1.3 million users of this application belonging to the Indonesian Ministry of Health who have been affected by the data leak.
The leaked data includes user IDs containing identity card numbers (KTP), passports and data from COVID-19 test results, addresses, telephone numbers and hospital participant numbers, full names, birth dates, occupations, and photos, as well as a number of data. other important.
"The leak of personal data in this government-owned application is a form of negligence and the government's lack of responsibility, moreover, this data leak is not the only time this has happened," Iqbal told reporters, Wednesday, September 1.
The secretary of the MPR RI PPP faction said that the case of leaking personal data of the Indonesian people cannot be taken lightly. Because the community has lost many times because of this data leakage case.
"In the case of data leakage from eHAC, the Indonesian Ministry of Health and related parties must apologize to the public for the occurrence of this case, not just looking for who is at fault," said Iqbal.
According to him, cases of personal data leaks on government websites and state-owned companies have affected the public, both materially and non-materially. Therefore, Commission I of the DPR asked the government and state-owned companies to continue to strengthen the data security system.
"A weak data security system can invite cyber crimes such as online fraud and others," concluded the PPP politician.
Meanwhile, Member of Commission IX of the DPR RI, Netty Prasetiyani Aher, assessed that the alleged leak of the Ministry of Health's eHAC application data would have an impact on decreasing public trust in similar applications issued by the government. Along, during this pandemic, people are required to download certain applications to be able to access public services. "People are administratively forced to use certain applications, but the security of their data is not guaranteed by the government," said Netty to reporters, Wednesday, September 1. Netty also questioned data security in the PeduliLindung application which is a condition for traveling during PPKM.
"How is the security of the data in the PeduliLindung application? Is there a guarantee that the data will not leak?," asked Netty.
The deputy chairman of the PKS faction reminded that the government must provide evidence of security guarantees, not just promises.
"Don't blame it if people are suspicious and reluctant to use the PeduliLindung application," he said.
As a form of public accountability, said Netty, the government should apologize to the people. In addition, the government must involve the security forces to investigate this cyber crime so that the hackers are caught and punished. smart and smart," concluded Netty.
Ministry of Health's response is considered "slow"
Cybersecurity expert from CISSReC Doctor Pratama Persadha assessed that the Ministry of Health's response was slow related to the leak of the Ministry of Health's e-HAC data because it only took down the application server after the vpnMentor team reported this case to BSSN. Cybersecurity is still very slow," said Pratama Persadha who is also the Chairman of the Indonesian Cyber Research Institute CISSReC, Wednesday, September 1. In the case of an e-HAC data leak (an application for tracking and tracing COVID-19), Pratama continued, a new server was taken down. more than a month since the first report to the Ministry of Health. That was after the reporter in this case vpnMentor contacted the National Cyber and Crypto Agency. The e-HAC application whose data was exposed, as explained by the Ministry of Health, was different from the e-HAC currently used in the PeduliLindungi application. According to the Ministry of Health, the e-HAC application that This long time has not been used as of July 2, 2021. However, Pratama said, this data leak is still unfortunate because there are more than one million people's personal data exposed. From the vpnMentor team's data, they found this e-HAC database on July 16, 2021. The team then first checked the veracity of this data, then provided information to the Ministry of Health on July 21 and 26, 2021, then contacted Google as the hosting provider (where the website files are) on August 25, 2021. Because they did not get a response, said Pratama, the vpnMentor team contacted BSSN on August 22, 2021. The National Cyber and Crypto Agency immediately responded to the report and moved to the Ministry of Health. as the official of the National Encryption Agency, BSSN stated that vpnMentor himself did not find it difficult to expose the e-HAC database because he did not meet any meaningful protocol from the application developer. August, then on August 24, the e-HAC server was immediately taken down. Only after the report was received by BSSN, a takedown was immediately carried out,” said Pratama explaining. It was also explained that 1.4 million leaked data and 1.3 million e-HAC users. This data is in the form of names, hospital names, addresses, PCR test results, e-HAC accounts, and detailed data about hospitals and doctors who treat or examine e-HAC users. In fact, there are hotel data (places to stay), ID card numbers, passport numbers, emails, and others. This is very dangerous," said Pratama. For the government, according to him, this has increased distrust of the COVID-19 response and vaccination efforts, especially now that vaccination uses the PeduliLindung application as the spearhead. Different HAC according to information from the Ministry of Health," said Pratama.
Ministry of Health Claims eHAC Data Not Leaking
The Indonesian Ministry of Health ensures that data on 1.3 million eHAC (electronic-Health Alert Card) users are not leaked. The data in question does not flow to the partner party, the party believed to have experienced the leak.
This was confirmed by the Head of the Indonesian Ministry of Health's Data and Information Center, Dr. Anas Ma'ruf MKM. According to him, eHAC user data remains safe with the Indonesian Ministry of Health. "The Ministry of Health ensures that public data in the eHAC system is not leaked and under protection, community data in eHAC does not flow to partner platforms," said Anas at a press conference at the Indonesian Ministry of Health. Wednesday, September 1. Meanwhile, spokesman for the National Cyber and Crypto Agency (BSSN) Anton Setiawan said the alleged leak reported by vpnMentor was actually part of cyber security. In cybersecurity, it is known as threat information sharing," he explained. It was explained that vpnMentor provided information about vulnerabilities in the eHAC system which was then verified. The information was then followed up by the Ministry of Health. "So, the existing data is still stored properly. This information is part of risk mitigation to take preventive steps," said Anton.