A threat actor has allegedly leaked and is attempting to sell a database belonging to SatuSehat for the East Kotawaringin Regency (Kotim Kabupaten) in Indonesia. The data, which appears to contain sensitive patient information, was posted on a dark web forum. SatuSehat is Indonesia’s national health platform, designed to integrate patient health records from various healthcare facilities into a single system, making this a potentially significant data breach affecting numerous individuals.
The post, made by a new user on the forum, includes a sample of the allegedly stolen data, which seems to span from 2020 to 2025. The database purportedly contains records from the Indonesian Social Security Administering Body for Health (BPJS Kesehatan). The threat actor is offering the full database for sale and has provided cryptocurrency wallet addresses for the transaction. This incident raises serious concerns about the security of citizen data within the national health system and the potential for misuse of the leaked information.
The leaked data sample includes the following types of information:
- Timestamp of the record
- Medical Record Number (No MR)
- BPJS Number
- Patient’s Full Name
- Gender
- Assigned Polyclinic
- Print status
- Barcode
