Millions of health data and health information belonging to Indonesian citizens have been leaked again. At the end of August, about 1.3 million user data from the Health Alert Card (eHAC) application made by the Indonesian Ministry of Health, which contained COVID-19 data, was breached. The perpetrator is unknown.
Three months earlier, data belonging to 279 million Indonesian citizens collected by the Healthcare Social Security Administering Body (BPJS Kesehatan) was also leaked. This data was traded on raidforum.com. If this figure is accurate, it would be a new record for the largest health data breach case globally.
These two cases alone indicate that the level of data security in Indonesia is very weak. Moreover, health data is a type of personal data that is specific, sensitive, and confidential, and must be protected.
When complex health data is digitized and moved across organizational boundaries and health systems, we are faced with major questions about the level of security and confidentiality of health data in Indonesia, and what the priority of the government and citizens should be to improve its security.
Increasing Case Trends
The data security problem is becoming more serious because the trend of data breaches is increasing.
- Global: Globally from 2005 to 2019, the total number of individuals affected by health data breaches was about 249 million. More than half of that occurred within the last five years. The largest case of health data leakage occurred in 2015 when participant data belonging to the US health insurance company, Anthem Inc., was breached, affecting over 78 million people.
- US and Regulation: The United States (US) has a better health data protection system and policy with the existence of the Health Insurance Portability and Accountability Act (HIPAA). This Act mandates the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. However, even the system there is not free from the problem of vulnerable health data breaches. More than 2,100 healthcare data breaches have occurred in the US since 2009, with the majority (30%) occurring in hospitals. The trend continues to increase, from 18 cases in 2009 to 642 cases in 2020. The Federal Bureau of Investigation (FBI) and the Department of Health even issued a joint official statement in October 2020, warning that cybercrime targeting the healthcare sector will increase in the future.
- Indonesia: Health data breach cases are not new in Indonesia.
- In 2020, the data of 230 thousand COVID-19 patients in Indonesia was allegedly stolen and sold on RaidForums.
- In 2017, two national hospitals were affected by a type of malicious software called WannaCry ransomware that locked the hospital’s information system data and demanded a ransom.
