The investigation into the alleged data leak through the Electronic Health Alert Card (eHAC) system is still on, although the Ministry of Health has said that no public data has been leaked, police has said.
“It is still ongoing, in the process of being investigated,” head of public relations for National Police, Inspector General Argo Yuwono told ANTARA on Monday.
Earlier, Yuwono had said that the National Police, through the Directorate of Cyber Crime, was helping investigate allegations of public data leak via the version of the Health Alert Card application developed by the Ministry of Health.
It has been a week since news broke of 1.3 million eHAC data leaks, but Yuwono did not disclose further details regarding the investigation. However, he confirmed that the investigation into whether the leak actually occurred was still ongoing.
Meanwhile, the Ministry of Health on September 1, 2021 asserted that public data in eHAC was not leaked and was protected.
Responding to a question on whether the police investigation will continue given that no criminal element has been reported in the incident, Yuwono said he would coordinate on this with the Ministry of Health.
“We will coordinate with each other, if we cannot find it, then that’s it,” he stated.
Head of the Indonesian Ministry of Health’s Data and Information Center, Anas Ma’ruf, had earlier stressed that data contained in the Electronic Health Alert Card (eHAC) system had not been leaked and was protected.
“Community data contained in eHAC does not flow to partner platforms. Meanwhile, community data on partner platforms is the responsibility of the electronic system operator, in accordance with the mandate of Law Number 19 of 2016 concerning electronic information or the ITE Law,” Ma’ruf said at an online press conference on September 1.
He said the Ministry of Health was grateful for the input from those who provided information about the vulnerability so that it could be followed up to avoid greater cybersecurity risks.
Information on the vulnerability found on the eHAC partner platform was reported by VPN Mentor, a site that focuses on Virtual Private Networks (VPN), and has been verified by the National Cyber and Crypto Agency (BSSN) and received by the Ministry of Health on August 23, 2021, he said.
The Ministry of Health then traced and found vulnerabilities in the eHAC partner platforms, he added. The respective platforms have taken action and made improvements to partner systems, he said.
As part of mitigating cyber security risks, the Ministry of Health has coordinated with the Ministry of Communication and Informatics, BSSN, and the Criminal Investigation Directorate of the National Police to investigate and ensure there are no other vulnerabilities from the application that can be used to exploit the system, he added.
Source: Antara News