In Indonesia, the eHealth application has been widely used. It has also been recognized by World Health Organization (WHO) that Information and Communication Technology (ICT) provides a cost-effective and secure value to support various health sectors. The research method uses normative research which more emphasizes the use of positive law and comparisons of law with other countries. Meanwhile, the approach used in this study is a “qualitative empirical”. A primary legal material implementing statutory regulation in the field of Cyber law, and practically discusses how it is implemented in eHealth. This research examines two things in depth. Firstly; Is a “Data breach” committed by the electronic service providers? Secondly; Is a “Data theft” modus operandi achieved by the perpetrator? This study concludes that a “data breach” can occur due to “carelessness” or “bad faith” on the part of the service provider. Thus, bad faith behavior may intentionally process the data for illegal commercial purposes, either by processing it alone or by cooperating with other parties who use the data. Meanwhile, “Data theft” caused by “illegal access” activities there are carried out by the perpetrator, causing data can be changed, damaged, and deleted. Data related to eHealth is included in the category of special data that is protected by the laws and regulations in Indonesia. Thus, service providers should participate in providing data protection efforts by making “self-regulation” and providing training to service users, in an effort to avoid crime under Law Number. 27 of 2022 on Personal Data Protection.

Akanbi, Abolaji B., Adewale O. Adebayo, Sunday A. Idowu, and Ebunoluwa E. Okediran. “A Stacked Ensemble Framework for Detecting Malicious Insiders.” International Journal of Innovative Research in Computer Science & Technology 8, no. 4 (2020).

Almunia, Joaquín. “Speech - Competition and Personal Data Protection, Commissioner Joaquín Almunia.” European Commission. Last modified 2012. https://ec.europa.eu/commission/presscorner/detail/en/ SPEECH_12_860.

APJII. “APJII Di Indonesia Digital Outloook 2022.” Last modified 2022. Accessed February 14, 2023. https://

apjii.or.id/berita/d/apjii-di-indonesia-digital-outloook-2022_857.

Asikin, Z Amiruddin &. Pengantar Metode Penelitian Hukum. Jakarta: Raja Grafindo Persada, 2003.

Becerril, Anahiby Anyel. “The Value of Our Personal Data in the Big Data and the Internet of All Things Era.”

ADCAIJ: Advances in Distributed Computing and Artificial Intelligence Journal 7, no. 2 (2018): 71–80.

Bottis, Maria, and George Boucha. “Personal Data v. Big Data: Challenges of Commodification of Personal

Data.” Open Journal of Philosophy 8 (2018): 206–215. http://www.scirp.org/journal/ojpp.

Castells, M. The Information Age. III. Oxford: Blackwell, 1998.

Chai, Wesley, and Stephen J. Bigelow. “Cloud Computing.” Last modified 2022. Accessed February 14, 2023. https://www.techtarget.com/searchcloudcomputing/definition/cloud-computing.

Culnan, M. J., and C. C. Williams. “How Ethics Can Enhance Organizational Privacy: Lessons from the

Choicepoint and TJX Data Breaches.” MIS Quarterly 33, no. 4 (2009): 673–687.

Dymyt, Malgorzata. “The Role of EHealth in the Management of Patient Safety.” Journal of e-health Management 2020 (2020): 1–13. https://ibimapublishing.com/articles/JEHM/2020/341252/.

Ekran. “How to Prevent Human Error: Top 4 Employee Cybersecurity Mistakes.” Last modified 2019. Accessed October 9, 2022. https://www.ekransystem.com/en/blog/how-prevent-human-error-top-5- employee-cyber-security-mistakes.

European Court of Human Rights. Vereniging Weekblad Bluf! V. the Netherlands, Series A v (1995).

Eysenbach, Gunther. “What Is E-Health?” Journal of Medical Internet Research 3, no. 2 (2001): 1–5.

F. AL-Otaibi, Abeer, and Emad S Alsuwat. “A Study on Social Engineering Attacks: Phishing Attack.”

International Journal of Recent Advances in Multidisciplinary Research 07, no. 11 (2020): 6374–6380.

Fernandes, Diogo A.B., Liliana F.B. Soares, João V. Gomes, Mário M. Freire, and Pedro R.M. Inácio. “Chapter 25 - A Quick Perspective on the Current State in Cybersecurity.” In Emerging Trends in ICT Security, 423–442, 2014. https://www.sciencedirect.com/science/article/pii/B9780124114746000256.

Gillis, Alexander S. “Phishing.” Last modified 2020. Accessed October 16, 2022. https://www.techtarget.com/ searchsecurity/definition/phishing.

Herman, Herman. “6 Juta Data Pasien RS Bocor, Ini Risiko Yang Mengintai.” 7 January 2022. Last modified 2022. Accessed September 28, 2022. https://www.beritasatu.com/lifestyle/876043/6-juta-data-pasien- rs-bocor-ini-risiko-yang-mengintai.

Irwin, Luke. “Human Error Is Responsible for 82% of Data Breaches.” Last modified 2022. Accessed October 4, 2022. https://www.grcelearning.com/blog/human-error-is-responsible-for-85-of-data- breaches#:~:text=According to Verizon’s 2022 Data,to access the organisation’s systems.

Jain, S. N. “Legal Research and Methodology.” Journal of the Indian Law Institute 14, no. 4 (1972): 487–500. https://www.jstor.org/stable/43950155.

Journal, HIPAA. Healthcare Data Breach Statistics, 2022. https://www.hipaajournal.com/healthcare-data- breach-statistics/.

Kaspersky. “What Is Data Theft and How to Prevent It.” Accessed October 2, 2022. https://www.kaspersky. com/resource-center/threats/data-theft.

Kominfo. “Rapat Paripurna DPR Sahkan RUU PDP.” Last modified 2022. Accessed October 16, 2022. https://

aptika.kominfo.go.id/2022/09/rapat-paripurna-dpr-sahkan-ruu-pdp/.

Koyame-Marsh, Rita O., and John L. Marsh. “Data Breaches and Identity Theft: Costs and Responses.” IOSR Journal of Economics and Finance (IOSR-JEF) 5, no. 6 (2014): 36–45. www.iosrjournals.org.

———. “Data Breaches and Identity Theft: Costs and Responses.” IOSR Journal of Economics and Finance (IOSR-JEF) 5, no. 6 (2014): 36–45.

Langbroek, Philip, Kees van den Bos, Marc Simon Thomas, Michael Milo, and Wibo van Rossum. “Methodology of Legal Research: Challenges and Opportunities.” Utrecht Law Review 13, no. 3 (2017): 1–8.

Law Insider. “Medical Reports Definition.” Last modified 2022. Accessed October 4, 2022. https://www.

lawinsider.com/dictionary/medical-reports.

M.D., Pradeep. “Legal Research- Descriptive Analysis on Doctrinal Methodology.” International Journal of Management, Technology, and Social Sciences 4, no. 2 (2019): 95–103.

Martin, Kelly D., Abhishek Borah, and Robert W. Palmatier. “Data Privacy: Effects on Customer and Firm

Performance.” Journal of Marketing 81, no. 1 (2017): 36–58.

Martin, Nik. “Indonesia’s Jakarta Hit by Major Power Blackout.” Last modified 2019. Accessed October 2,

https://www.dw.com/en/indonesias-jakarta-hit-by-major-power-blackout/a-49884728.

Della Mea, Vincenzo. “What Is E-Health (2): The Death of Telemedicine?” Journal of Medical Internet Research 3, no. 2 (2001): 6–7.

Media Infokes. “Penggunaan Aplikasi Kesehatan Digital Di Indonesia, Hanya 10% Dari Total Penduduk.” Last modified 2019. Accessed October 4, 2022. https://media-infokes.com/2019/08/22/penggunaan- aplikasi-kesehatan-digital-di-indonesia-hanya-10-dari-total-penduduk/.

Mitchell, John. “Increasing the Cost-Effectiveness of Telemedicine by Embracing e-Health.” Sage Joulnals 6, no. 1 (2000). https://journals.sagepub.com/doi/10.1258/1357633001934500.

Norton. “Why Hackers Love Public Wi-Fi.” Last modified 2019. Accessed October 12, 2022. https://us.norton. com/blog/wifi/why-hackers-love-public-wifi#.

Okereafor, Kenneth, and Oluwasegun Adelaiye. “Randomized Cyber Attack Simulation Model: ACybersecurity Mitigation Proposal for Post COVID-19 Digital Era.” International Journal of Recent Engineering Research and Development (IJRERD) 05, no. 07 (2020): 61–72. www.ijrerd.com.

Ollmann, Gunter. The Phishing Guide. IBM, 2007. https://www.scribd.com/document/219802442/The-

Phishing-Guide-Understanding-Preventing-Phishing-Attacks-IBM-Internet-Security-Systems.

Peretti, K. K. “Data Breaches: What the Underground World of Carding Reveals.” Santa Clara Computer & High Tech 25, no. 2 (2008): 375–413.

Rahman, Rizal, Nazura Abdul Manap, and Sohaib Mukhtar. “Hacking in Cyberspace Identity Theft: A Comparative Analysis of Malaysia, United Kingdom, and Iran.” Baltica 23, no. 11 (2020): 67–86. https://www.researchgate.net/publication/347935764.

Robertson, Geoffrey, and Andrew Nicol. Media Law. Fifth Edit. London, UK: Penguin Books, n.d.

Salahdine, Fatima, and Naima Kaabouch. “Social Engineering Attacks: A Survey.” Future Internet 11, no. 4 (2019).

Saputra, Andi. “Jual Database Nasabah Perbankan, Warga Tangsel Dibui 9 Bulan.” Detik News. Last modified 2019. Accessed October 2, 2022. https://news.detik.com/berita/d-4588549/jual-database-nasabah- perbankan-warga-tangsel-dibui-9-bulan.

Shankar, Nithya Mohammed, Zareef. “Surviving Data Breaches: A Multiple Case Study Analysis.” Journal of Comparative International Management 23, no. 1 (2020): 35–54.

Soekanto, Soerjono. Pengantar Penelitian HUkum. Jakarta: UI Press, 1986.

Source Defense. “What Is Data Theft?” Last modified 2022. Accessed October 3, 2022. https://sourcedefense.

com/glossary/what-is-data-theft/.

———. “What Is Data Theft?”

Statista. “EHealth - Indonesia.” Last modified 2022. Accessed March 26, 2023. https://www.statista.com/

outlook/dmo/digital-health/ehealth/indonesia.

Sudibyo, Agus. Jagad Digital. Jakarta: Kepustakaan Populer Gramedia, 2019.

Trautman, L. J., and P Ormerod. “Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The

Yahoo Data Breach.” American University Law Review 66 (2017): 1231–1291.

usa.gov. “Identity Theft.” Last modified 2022. Accessed October 3, 2022. https://www.usa.gov/identity-theft. verizon.com. “2022 Data Breach Investigations Report.” Last modified 2022. Accessed October 4, 2022.

https://www.verizon.com/business/resources/reports/dbir/.

Virmani, Charu, Neha Kaushik, Mohak, Vishnu Mathur, and Sanskar Saxena. “Analysis of Cyber Attacks and Security Intelligence: Identity Theft.” Indian Journal of Science and Technology 13, no. 25 (2020): 2529–2536.

Walker, Clive, and David Wall. The Internet, Law and Society. UK: Person Education Limited, 2000.

White, Jamie. “Yahoo Announces 500 Million Users Impacted by Data Breach.” 2021. Last modified 2021.

Accessed October 4, 2022. https://lifelock.norton.com/learn/data-breaches/company-data-breach.

WHO. “EHealth.” Last modified 2022. http://www.emro.who.int/health-topics/ehealth/.

Decree of the Minister of Health Number 192/MENKES/SK/VI/2012 Regarding Roadmap of Strengthening Action Plan Indonesian Health Information System, n.d.

Decree of the Minister of Health of the Republic of Indonesia No. 374/MENKES/SK/V/2009 Concerning the National Health System (NHS), n.d.

Regulation of the Minister of Communication and Informatics No. 20 of 2016 Concerning Protection of Personal Data in Electronic Systems, n.d.

Regulation of the Minister of Health, No 18 of 2022 Concerning Implementation of One Data in the Health Sector Through the Health Information System., n.d.

The Law Number. 27 of 2022 on Personal Data Protection, n.d.

The Law Number 19 of 2016 Concerning Amendments to Law Number 11 of 2008 on Information and Electronic Transactions, n.d.

The Regulation of the Minister of Health of the Republic of Indonesia Number 24 of 2022 Concerning Medical Records, n.d.