Improving Indonesian Telemedicine cybersecurity – Securing a vital healthcare platform and increasing patients’ trust

Summary

This project is part of the United Kingdom Foreign, Commonwealth & Development Office (FCDO) commitment to build national cyber security capacity and resilience to cybersecurity threats in five middle-income countries. The UK Government’s Digital Access Programme provides support through: Government-to-Government technical assistance; cyber hygiene training; public awareness-raising; and research. It aims to reduce the impact of cyber harms on their governments, economies and citizens – particularly amongst groups vulnerable to online exploitation.

Details

Aim

The aim of the project was to improve Indonesian telemedicine platforms’ cyber defences, reassuring Indonesians that their data was secure, increasing healthcare coverage in rural areas and reducing the strain on healthcare facilities. The activities grew to cover the whole healthcare sector with the Ministry of Health using this to improve cybersecurity across its full portfolio.

Context

Indonesia has the world’s fourth largest population (over 270 million), of whom just under half are dispersed across more than 17,000 islands. For them, physical access to healthcare professionals can prove challenging, making telemedicine an important part of the country’s health system. With rural and vulnerable communities in mind, the Indonesian government has, for some time, been encouraging the use of telemedicine for both online consultations and treatments. In the 12 months to March 2020, the usage of Indonesian telemedicine apps doubled. Covid accelerated that growth still further as the country’s health system came under pressure. As demand for telemedicine grew, so did the urgency for wanting to make the telemedicine platforms secure.

Outcomes

• The establishment of a new information security framework that provides a baseline set of cybersecurity controls.
• A framework with the potential to roll out to 11,388 healthcare facilities across Indonesia, including 2,962 hospitals and 7,588 primary health care centres, serving the population of 260million.
• Improved ability of the Ministry of Health’s new Computer Security Incident Response Team (CSIRT) to respond to a cyber attack.

Outputs

• A security framework for the healthcare sector, taking into account key legislative arrangements.
• A privacy impact assessment methodology for electronic medical records and telemedicine patient data.
• A comprehensive incident response malware playbook.

Activities

• Delivery of a security framework session to participants from 5 different vertical hospitals serving approximately 500,000 patients.
• Two incident response exercises, leading to recommendations on how best to establish a new cross Indonesia Ministry of Health CSIRT.