Cyber Bodies And Country Passwords: Well -Stored EHAC Data

ILLUSTRATION/UNSPLASH

JAKARTA - Spokesman for the National Cyber and Crypto Agency (BSSN), Anton Setiawan, said public data in the Electronic Health Alert Card (eHAC) system is still well stored amid the alleged leak of 1.3 million data from eHAC application users.

"What we are experiencing is not related to data leakage, this is part of the process. In cybersecurity we know it as threat information sharing", Anton said, quoted by Antara, Wednesday, September 1.

He explained that it is an exchange of information between parties who have permission to cybersecurity. They get vulnerability information from VPN Mentor which is then verified and followed up.

"The existing data is still well stored, this information is part of risk mitigation to take preventive steps", he said.

A loophole was found in the system where there was a potential for data leakage, but the gap has been closed and so far the Ministry of Health has stated that there has been no indication of a data leak.

Anton explained that technically the vulnerabilities found were referred to as sensitive data exposures. Vulnerabilities target a specific port which is like a door in an electronic system.

"Electronic systems work using ports, such as the door of the house, to transact data", he said.

Those ports have vulnerabilities. Supposedly, the data in the port can not be entered by unauthorized parties. Anton said that repairs have been made so that the port is closed and access is controlled.

Anton said, BSSN plays a role in Information Technology Security Assessment (ITSA) and provides input regarding the implementation of security in electronic systems. ITSA is a security assessment process on electronic systems/platforms/applications to look for vulnerabilities that have the potential to arise and can be used by other parties to exploit the system.

Quoted from the BSSN page, the scope of this service is in the form of vulnerability testing, providing advice and recommendations related to security to minimize the vulnerability gaps that exist in all information systems.

The recommendation given by BSSN is to strengthen security for systems or applications, in this case for the eHAC platform that is now shared. The latest eHAC application is integrated with PeduliLindung. The government ensures that old eHAC data is no longer connected to PeduliLindung.

Meanwhile, the Head of the Data and Information Center of the Ministry of Health, Anas Ma'ruf, said that his party had collaborated with the Directorate of Cyber Crime, the Criminal Investigation Department of the Indonesian National Police, who was investigating this matter. They are in charge when there is law enforcement action.

The Ministry of Health urges the public to use the PeduliLindung application where the latest eHAC features are integrated into it. Anas said that eHAC is a mandate of the law which is part of vigilance in the midst of dealing with the COVID-19 pandemic.

"The government will make the PeduliLindung platform as a single platform for handling the pandemic, all of which will be integrated into PeduliLindungi", said Anas.