Password-nya “admin123” Sejak 2014: Kenapa Rekam Medis Bisa Jadi Tumbal?

🔀 Read in English 🇬🇧

Selamat Datang di Hajriah Fajar: Hidup Sehat & Cerdas di Era Digital

Password-nya “admin123” Sejak 2014: Kenapa Rekam Medis Bisa Jadi Tumbal?

Waktu pertama kali saya bantu setting ulang komputer di sebuah klinik kecil, saya dikasih selembar kertas yang isinya semua username dan password sistem manajemen pasien. Saya kira itu cuma catatan awal. Ternyata… itu memang SOP mereka. Lucunya, semua komputer pakai password yang sama: admin123. Udah gitu ditempel juga di monitor. Jujur ya, saya ketawa dulu baru pusing.

“Ah, itu kan cuma klinik kecil, nggak penting-penting amat.” Eh, tunggu dulu. Di klinik itu ada data ratusan pasien, lengkap: nama, alamat, NIK, hasil lab, bahkan catatan KB. Ada yang nyebut itu PII atau Personal Identifiable Information. Saya nyebutnya: data yang kalau jatuh ke tangan orang iseng, bisa jadi bencana mini buat hidup orang.

Bayangin deh, data kamu—hasil lab, rekam medis, nomor BPJS—diakses orang yang cuma modal ngetik "admin123"? Bisa aja dipakai buat pinjaman online, atau dipakai buat blackmail. Dan anehnya, ini kejadian bukan karena hacker jagoan, tapi karena kebiasaan sepele yang dilestarikan kayak warisan budaya.

Ada cerita menarik dari rumah sakit yang sistemnya ngadat gara-gara nama pasien ada titik dua. Iya, cuma karena : aja sistem bisa freeze. Admin panik, IT sibuk, dan dokter nungguin. Cuma karena input-an aneh, rekam medis jadi “nyangkut” di server. Ini bukan soal teknologi aja. Ini soal siapa yang ngejagain, dan seberapa niat ngejaganya.

Saya pernah ngobrol sama kepala klinik yang bilang, “Kami kan nggak ngerti soal beginian. IT-nya part time, terus sistemnya beli yang murah.” Nah, ini nih masalahnya. Sistem murah boleh, tapi password ditempel di monitor? Itu kayak beli pintu baja, tapi kuncinya digantung di gagang pintu.

Kadang saya mikir, kalau sistem keamanan di rumah sakit dibikin kayak cara kita jaga resep rahasia mie instan, mungkin semua bakal lebih aman. Soalnya, nggak mungkin ada yang tahu bahan rahasia mie favorit kamu kan? Tapi giliran password aplikasi rekam medis, semua orang tahu dan… pasrah.

Trus ada juga SOP aneh bin ajaib. Contoh: kalau ada staf baru, user lama dikasih password baru, tapi user lama tetap aktif. Alhasil, satu user bisa dipakai bareng. Jadi kalau ada masalah, nggak ada yang tahu siapa yang ngapain. Ini bukan sistem, ini chaos.

Beberapa kali saya nemuin klinik yang email-nya dipakai buat login ke 4 aplikasi sekaligus. Dan semuanya password-nya sama. Bahkan emailnya kadang masih login di HP lama milik mantan staf. Ini tuh bukan cuma masalah teknis, tapi juga soal rasa percaya dan manajemen data. Data itu kayak pasien juga—harus dijaga privasinya.

Oke, mungkin kamu sekarang mikir: terus solusinya apa dong? Harus hire hacker? Harus beli software miliaran? Nggak juga. Yang paling pertama adalah berhenti nganggep ini bukan urusanmu. Semua staf, dari dokter, perawat, sampai admin, punya tanggung jawab menjaga keamanan data.

Langkah kecil yang bisa dimulai:

• Ganti semua password default. Sekarang juga.
• Gunakan password berbeda untuk tiap akun penting.
• Kalau bisa, pakai 2FA (verifikasi dua langkah) meskipun agak ribet awalnya.
• Update software secara rutin. Jangan tunggu error dulu baru panik.
• Buat SOP pencatatan password yang aman. Bukan ditempel di monitor ya!
• Kalau ada staf keluar, pastikan aksesnya dicabut.

Dan yang paling penting: ngobrol. Ngobrol soal ini ke teman kerja, atasan, bahkan pasien (kalau perlu). Kadang kesadaran muncul bukan dari training, tapi dari obrolan ringan pas nunggu pasien.

Saya tahu nggak semua orang bisa langsung ngerti istilah kayak “ransomware” atau “enkripsi end-to-end”. Tapi semua orang ngerti yang namanya rasa malu kalau data pasien bocor dan muncul di grup WhatsApp keluarga.

Akhirnya, kita semua cuma perlu mulai dari hal kecil: sadar, mau tanya, dan pelan-pelan ubah kebiasaan. Kalau kamu pernah pakai password “admin123” sejak 2014, artikel ini bukan buat ngejek. Tapi buat ngingetin: kita bisa lebih baik dari itu.

Welcome to Hajriah Fajar: Living Smart & Healthy in the Digital Age

The Password Has Been “admin123” Since 2014: Why Medical Records Keep Getting Sacrificed

The first time I helped reset a computer at a small clinic, they handed me a crumpled piece of paper with all the usernames and passwords for their patient management system. I thought it was a temporary note. Turns out… that was their standard procedure. And guess what? Every single computer used the same password: admin123. Oh, and it was taped to the monitor too. I laughed before I panicked.

“Oh, it’s just a small clinic, not that important.” Wait a sec. That clinic had data from hundreds of patients: full names, addresses, ID numbers, lab results, even birth control history. Some call it PII—Personally Identifiable Information. I call it: stuff that could ruin lives if it ends up with the wrong person.

Imagine your medical data—lab results, insurance ID, prescriptions—getting accessed by someone who just typed "admin123". That info could be used to apply for shady loans, or worse, used to blackmail. And the weird part is, this doesn’t happen because of some evil genius hacker. It happens because of old habits that everyone just… lives with.

There’s this one hospital where the whole system crashed because a patient’s name had a colon in it. Yup, just :. The system froze, the admin panicked, the IT staff scrambled, and the doctor had to wait. One weird input, and boom—medical history stuck in limbo. This isn’t just about tech. It’s about who’s guarding the system, and whether they even realize what they’re guarding.

I once spoke with a clinic director who said, “We don’t really get this stuff. Our IT guy is part-time, and we bought the cheapest system.” That’s the core problem. Buying cheap software is fine, but taping the password to the screen? That’s like installing a vault door, then hanging the keys right outside.

Sometimes I think: if hospitals guarded patient data the way we guard grandma’s secret noodle recipe, things would be safer. You’d never share the exact spice blend, right? But somehow everyone knows the EMR password and... shrugs.

And then we’ve got some truly cursed SOPs. Like: when a new staff member joins, they just reuse an old account with a new password, but never delete the old one. So technically, several people might be logging in as the same user. If something goes wrong, good luck figuring out who clicked what. That’s not a system. That’s digital anarchy.

I’ve seen clinics where one email address is used to log into four different apps. And they all use the same password. Sometimes, the email is still logged in on the old phone of a staff member who quit two years ago. This isn’t just a tech flaw—it’s a trust and data hygiene issue. Patient data is like the patients themselves: it needs privacy and care.

Maybe now you’re thinking: so what’s the fix? Should we hire a hacker? Buy a million-dollar system? Not really. The first and biggest step is to stop pretending this isn’t your job. Every staff member—doctor, nurse, admin—has a role to play in protecting data.

Here are small things you can start with:

• Change all default passwords. Like, now.
• Use different passwords for each important account.
• If possible, activate 2FA—even if it’s annoying at first.
• Keep your software updated. Don’t wait for it to break.
• Make a safe password log. Not taped to your screen, please.
• When staff leave, revoke their access immediately.

And here’s what matters most: talk. Talk about this stuff with coworkers, bosses, even patients (if needed). Sometimes awareness spreads better through casual conversation than through any boring cybersecurity training.

I get it—not everyone has time to learn what “ransomware” means, or how “end-to-end encryption” works. But everyone understands the shame if a patient’s sensitive info shows up in the family WhatsApp group.

In the end, all we need is to start small: be aware, ask questions, and slowly fix our habits. If you’ve used the password “admin123” since 2014, this article isn’t to roast you. It’s a nudge—a reminder that we can absolutely do better.