Department of Electronics and Information technology, Faculty of Engineering, Universitas Negeri Makassar, Makassar, Indonesia.
World Journal of Advanced Engineering Technology and Sciences, 2025, 17(02), 470–474
Article DOI: 10.30574/wjaets.2025.17.2.1507
Received on 11 October 2025; revised on 21 November 2025; accepted on 24 November 2025
Background: Healthcare institutions are high-value targets for cybercriminals. In Indonesia, digitalization of patient records and national regulatory changes (Personal Data Protection law) have increased both attack surface and legal obligations for hospitals. Objectives: This study quantifies plausible attack incidence and operational consequences for a representative mid-sized Indonesian hospital, and evaluates mitigation effectiveness of a socio-technical defense framework combining Zero Trust, staff training, and regulatory compliance. Methods: We synthesized public incident data and peer-reviewed literature (2019–2025) and constructed a rationalized, plausible dataset representing one mid-sized public hospital (300 beds) and five small private clinics in a provincial health system. We simulated ransomware/phishing incidents and measured operational impacts (downtime, cancelled elective procedures, data exposure estimates) and costs (direct IT recovery + indirect clinical costs). Results: Our simulated baseline (current typical security posture) returned an annualized incident probability of 0.38 for at least one major ransomware event per facility, average electronic system downtime of 48–72 hours per incident, mean direct recovery cost USD 120k per major incident, and estimated indirect clinical costs (delays, diversions, lost revenue) USD 180k. Implementing a socio-technical defense package reduced successful major incidents by 76%, median downtime by 85%, and combined annualized cost by ≈70%. Conclusion: Indonesian healthcare institutions face materially elevated cyber risk; pragmatic investments in Zero Trust architectures, staff education, robust backups, and compliance with the Personal Data Protection law yield strong risk reduction and business continuity gains. Policy action, national incident-sharing, and subsidized cybersecurity support for resource-limited hospitals are recommended.
Healthcare cybersecurity; Ransomware; Indonesia; Zero trust; Socio-technical framework; Personal data protection
Get Your e Certificate of Publication using below link
Preview Article PDF
Faisal Syafar. Cybersecurity Attacks in Indonesian Healthcare Institutions: Incidence, Operational Impact and a Socio-Technical Defense Framework. World Journal of Advanced Engineering Technology and Sciences, 2025, 17(02), 470-474. Article DOI: https://doi.org/10.30574/wjaets.2025.17.2.1507.