The statement was made by Cyber Security Expert, Alfons Tanujaya, according to him, this incident is like rice that has turned into porridge, there is nothing more that can be done, other than taking more responsibility in the future.
"Once again, we get an unpleasant new year's "gift". If the data is leaked, punishing the data manager will not cancel the leaked data. It is like rice has turned into porridge, data that has been leaked cannot be canceled and will always leak," said Alfons in information received by VOI, Friday, December 7th.
However, said Alfons, if the data manager can empathize with placing himself as the owner of the data and what he expects if the leaked medical data is the medical data of himself, his parents, friends or relatives. Of course he could be more careful in managing this huge responsibility so that the same thing doesn't happen again.
"At the very least, data managers must try to prevent the negative impact of exploiting this leaked data and proactively prevent the exploitation of this leaked data," said Alfons.
Alfons explained that leaked medical data could be misused and result in huge losses for the owner.
If a patient experiencing data leakage suffers from a certain disease or medical condition that is confidential and if it is known to the public it will result in him being shunned or dismissed from his job, of course this will be very detrimental. Or medical photos of patients that are inappropriate to be seen and then distributed will have a heavy psychological impact on the patient.
"This is only a slight risk due to leaked medical records and countless personal data such as telephone numbers and residence data are leaked and will obviously become targets for exploitation," said Alfons.
According to Alfons, Indonesian KTP holders have actually become victims of massive data leaks as indicated by the many misuses of population data for malicious purposes.
Such as opening fake accounts to collect the proceeds of crime, using Asphalt ID cards (fake ID cards with original data) to get financial benefits such as getting social assistance from the government, misuse of population data for other purposes such as activating Prepaid SIM cards, to telemarketer interference or debt collector terror. which abuses a database that should not be shared carelessly.
"Because of the frequency and prevalence of this happening, this is considered a natural thing. Even though this is an unnatural thing, it is impudent and violates the law," said Alfons.
"In connection with this incident (Ministry of Health data leakage), it can actually be a lesson from important data managers. Data security is not only enough to be done in terms of protecting data hostage by encrypting (ransomware) where ransomware anticipation is a backup of important data that is separate from the main database or use Vaccine Protect which can restore data even if it is successfully encrypted by ransomware," he added.
But furthermore, said Alfons, important data must also be protected from extortionware actions, where if the victim still does not want to pay because they have data backups, then the hacked data is threatened to be distributed to the public if the data manager does not pay the requested ransom.
"That's why appropriate anticipatory steps must be taken, such as encrypting sensitive databases on the server so that even if they are successfully hacked they will not be able to be opened or implement DLP Data Loss Prevention," said Alfons.
Previously, as many as 6 million hospital patient data in Indonesia were successfully hacked by an unknown perpetrator, the data allegedly containing COVID-19 patients was then sold on Raid Forums online.
According to the upload to the Twitter account @Dynbnyy, who first learned about this, the patient data was taken from the Ministry of Health's central server with a total of 720
The data includes personal data, X-rays, ultrasound, to patient medical videos. The perpetrators were also reported to have provided evidence of electrocardiographic, laboratory, and radiological medical data samples.
The hackers admitted selling this data to only one or two people in the form of cryptocurrencies such as Bitcoin worth US$150,000 or equivalent to Rp. 2.15 billion.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language.
(system supported by DigitalSiber.id)
