Already Logged In, So Not Checked Again? The Danger of SATUSEHAT Without Zero Trust (Not Adopting Zero Trust)
Welcome to Hajriah Fajar: Living Healthy & Smart in the Digital Age
The server room is cool. But the operator's head is hot. Imagine: 3 a.m., and a strange request suddenly hits the system. “Who is accessing patient data from an overseas IP?” asks the admin, rubbing his eyes and sweating. Nobody answers. Everyone is asleep, but that access really happened. And unfortunately, the system simply trusts it. Because the token is valid. It has logged in before, so it is considered safe.
If you've ever heard the term “Zero Trust”, the basic concept is actually very simple: don't trust anyone, even if they have already logged in. But in a large system like SATUSEHAT, which is connected to hundreds of hospitals and clinics, this concept sometimes gets cut down to “Well, the important thing is they've logged in”. This is where the trouble starts peeking in.
I once helped an electronic medical record vendor integrate with SATUSEHAT. The process was fairly strict: developer registration, document submission, domain whitelisting. But after getting the token? The system became a little too trusting. As long as the token was still alive, every request was served, even at 2 a.m. with the data being sent from a server in Belarus.
This problem isn't unique to SATUSEHAT. Many large systems in Indonesia still run on the logic of “trusted once, accepted forever”. Yet a user can log out while the token stays live. Or scarier still: the token gets stolen. And because the system doesn't re-check identity, well... welcome to the data leak.
I once found a `.env` file on a staging server that contained a SATUSEHAT token. Yes, that file was publicly accessible. Just type a certain URL and boom, you can see the key to the data of thousands of patients. Imagine if it were used by a bot to scrape data and sell it on the dark web. And because the system fully trusts the token, not a single alarm goes off.
Zero Trust isn't just Silicon Valley-style paranoia. It's about the habit of not trusting easily. Every request, even from an already-known account, must be validated. That can be through re-authentication, fingerprint, or at minimum IP behavior analysis. NIST has even produced a complete standard, if you're curious about the theory. But the gist is: trust is earned, not assumed.
If you want to look at the SATUSEHAT documentation directly (including the API and integration), you can open the official documentation here. It's fairly complete, though sometimes more technical than human. Well, it is documentation after all.
But here's the question: if a system this big still uses a one-time trust model, what happens to our data? Do we have to wait for a leak scandal before realizing the importance of re-verification?
Ever heard the story of someone using a friend's BPJS card because the data wasn't checked again? Or a patient who had already died, but whose data was used to register for services? Those aren't just anecdotes. They are the impact of a system that trusts without re-checking. Zero Trust isn't a complicated idea; it is a solution to a simple problem: how do we avoid being fooled by our own system.
And for you developers or system admins: if you build a system that needs login, don't stop at “successfully logged in”. Also ask: "From where?", "At what time?", "How many times a day?", and "On what device?". Because even good people can lose their tokens.
Because this issue doesn't belong to Indonesia alone; it is a global challenge too. The digital world changes too fast for us to keep using a trust model from the internet-café era.
Welcome to Hajriah Fajar: Living Smart & Healthy in the Digital Age
Already Logged In, So No One Checks Again? The Danger of SATUSEHAT Without Zero Trust
The server room was cool, but the admin’s forehead was sweating. It was 3 a.m. when a strange request hit the system. “Who’s accessing patient data from an overseas IP?” he mumbled, still half-asleep. No one answered. Everyone else had clocked out — but that access was real. The scary part? The system just... trusted it. Because the token was valid. Already logged in? Must be safe, right?
Let me say this plain and simple: Zero Trust means don’t trust anyone — not even yourself, not even your past self. It’s not a trend. It’s a mindset. But in big systems like Indonesia’s SATUSEHAT, that mindset often gets reduced to: “Well, they already logged in earlier.”
I once helped a healthtech vendor integrate their app into the SATUSEHAT ecosystem. It started strict — developer registration, domain whitelisting, signed documents. But once they handed over the token, things got suspiciously chill. No behavioral checks. No re-authentication. No alert when someone hit the API from Belarus at 2 a.m.
Let me guess: “But that token was legit!” Yeah. That’s the problem. Tokens are like keys. If someone steals your house key, they don’t need to be you — they just need the key. If your security system doesn’t check who’s turning the knob, your fancy locks mean nothing.
I’ve literally seen `.env` files on public staging servers with real SATUSEHAT tokens inside. You could find them with basic Google dorking. One careless upload, and bam — instant read access to thousands of patient records. And guess what? The system never screamed. Because to the system, the token was still fresh.
Zero Trust isn’t a paranoid Silicon Valley invention. It’s a response to reality. Every request — even if it looks familiar — should be treated like a stranger at your door. Validate it. Double-check it. NIST even published a full standard on Zero Trust. But if that’s too dense, just remember: trust is earned, not assumed.
SATUSEHAT is evolving, no doubt. They have good intentions and a growing dev portal. You can even browse their public docs here: https://satusehat.kemkes.go.id/platform/docs/id/playbook/. But a lot of risk still sits at the integration points — especially with third-party vendors who may not implement Zero Trust on their end.
Here’s a thought: we often assume digital systems are safer than paper. But I’ve seen physical logbooks that were more secure than some login tokens. A guard with a clipboard might still ask, “Who are you?” A misconfigured API won’t.
The core problem isn’t just tech. It’s how we think about trust. I’ve met admins who never revoke old tokens. Systems that don’t log where requests came from. Dashboards without any login history. We’re building public health platforms as if they were personal blogs.
And for you developers: don’t stop at “user is authenticated.” Ask: “From where?” “How often?” “Is this normal?” Even good users lose their tokens. Even good vendors mess up permissions. Even good systems crash silently.
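The questions above (from where, at what time, how often, on what device), plus revocation, as an added example that is not from the original post or from SATUSEHAT: a per-request decision made after the token has already passed validation. The profile fields, thresholds and sample requests are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WIB = timezone(timedelta(hours=7))  # Jakarta time, used for the "what time?" check

@dataclass
class TokenProfile:  # hypothetical baseline stored per issued token
    countries: frozenset     # where this integration normally calls from
    devices: frozenset       # known server/device fingerprints
    hours: range             # usual local working hours
    max_per_hour: int        # usual request ceiling
    revoked: bool = False    # set on logout or when a leak is reported

@dataclass
class Request:
    country: str
    device: str
    at: datetime

def evaluate(req, profile, recent):
    """Decide per request; `recent` holds timestamps of the token's earlier calls."""
    if profile.revoked:
        return "deny", ["token revoked"]
    reasons = []
    if req.country not in profile.countries:
        reasons.append("unfamiliar country")
    if req.device not in profile.devices:
        reasons.append("unknown device")
    if req.at.astimezone(WIB).hour not in profile.hours:
        reasons.append("outside usual hours")
    hour_ago = req.at - timedelta(hours=1)
    if sum(hour_ago <= t <= req.at for t in recent) >= profile.max_per_hour:
        reasons.append("rate above baseline")
    if len(reasons) >= 2:
        return "deny", reasons       # several anomalies at once: block and alert
    if reasons:
        return "step_up", reasons    # one anomaly: require re-authentication
    return "allow", reasons

# Constructed sample data, not taken from any real system.
CLINIC = TokenProfile(frozenset({"ID"}), frozenset({"emr-prod-01"}), range(6, 22), 100)
DAYTIME = Request("ID", "emr-prod-01", datetime(2025, 1, 6, 10, 0, tzinfo=WIB))
NIGHT_ABROAD = Request("BY", "unknown-host", datetime(2025, 1, 6, 2, 0, tzinfo=WIB))
LATE_SHIFT = Request("ID", "emr-prod-01", datetime(2025, 1, 6, 23, 30, tzinfo=WIB))

if __name__ == "__main__":
    for name, r in [("daytime", DAYTIME), ("night abroad", NIGHT_ABROAD), ("late shift", LATE_SHIFT)]:
        print(name, evaluate(r, CLINIC, recent=[]))
```

The returned reasons are what belongs in the request log, so a denied or stepped-up call leaves a record of where it came from and why it was flagged.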
So no, this isn’t a lecture. This is a reminder from someone who’s seen weird API requests at 3 in the morning. Who’s had to explain to a hospital IT guy why his patient data was leaked because someone left a tab open at a coffee shop.
If you’re building, reviewing, or just using SATUSEHAT, ask yourself: Does this system ask “who are you” every time — or just once and forget forever? Because the latter isn’t just lazy. It’s dangerous.