Here’s how one of the biggest hospital groups in Indonesia stays cyber safe

Mr Ryanto Tedjomulja, Chief Information Officer of Siloam Hospitals Group, shares the stringent steps they take to keep their digital systems safe and secure.

As a result of the recent rapid digitalisation in the healthcare industry – driven largely by COVID-19 – healthcare providers all around the world have implemented an array of new technologies and systems in a bid to keep up with the challenges of the pandemic.

Technologies such as Electronic Medical Records (EMR), telehealth, and even automations are quickly becoming the norm at medical facilities, while healthcare providers are fully expected to carry on their digital journey in the coming year.

This widespread digitalisation in the industry, however, has given rise to a growing threat that healthcare providers now have to contend with.


After all, the consequences of cyberattacks on healthcare providers can be disastrous – and potentially deadly – with bad actors looking to steal sensitive patient data, interrupt business operations, and even cause a complete shutdown of a hospital’s IT system.

As such, it is critical for hospitals to ensure that their cybersecurity measures are comprehensive and updated.

However, the Chief Information Officer of Siloam Hospitals Group, Mr Ryanto Tedjomulja, believes it takes more than just the implementation of an advanced cybersecurity system to keep hospitals safe from attacks.

Mr Ryanto Tedjomulja, Chief Information Officer of Siloam Hospitals Group

He explained: “Cybersecurity is not merely a technology that we need to implement. It is a capability that any organisation that wants to survive in the digital world needs to have. It is not a one-off project, but an organisational capability that we need to continuously build over the years.

“What it means is that it will take a combination of technology, process, people, and governance to build the cyber capability of a hospital.”

Tedjomulja revealed that Siloam – which has over 8000 workstations and close to 1000 servers – focuses on three main components of cybersecurity: the capability to Protect, the capability to Detect, and the capability to Respond.

“Protection means we need to put in place processes and technologies to prevent an attack,” Tedjomulja elaborated. “Of course, in this digital world, there is no such thing as an organisation that is 100 per cent safe.

“But we need to take proactive steps to identify vulnerabilities, strengthen our infrastructure, and improve our governance, in order to reduce the risks. In addition to technologies that we put in place to protect our assets, our security team conducts regular vulnerabilities scanning, pen testing for our applications, and also conduct regular trainings to improve user awareness.

“We also need to have a capability to keep monitoring our systems to be able to detect an attempt or attack as early as possible. At Siloam, we have engaged a professional Security Operations Centre (SOC) to provide 24/7 monitoring. And from time to time, we will conduct a third-party testing of our SOC to see whether it can provide the level of detection that we’re expecting.

“Finally, the third capability is our readiness to respond in the event of a cyberattack. It is common wisdom to hope for the best, but prepare for the worst, and this also applies to cybersecurity.”

Siloam’s readiness to ensure care continuity in the event of a cyberattack or unplanned downtime is laid out in their comprehensive Disaster Recovery Plan (DRP), which is reviewed and updated on a regular basis.

“This plan details out what we need to do in the case of system failure to be able to finally recover the system,” said Tedjomulja. “Depending on the severity of the damage and the amount of time needed to recover the system, there are different actions to take. The plan and actions are designed to be able to achieve Recovery Point and Recovery Time objectives that we have agreed for the company.

“The plan specifies the system backup procedures that we need to do, and also requires us to keep offline data (such as hardcopies of a patient’s health record) available.”

More importantly, Tedjomulja believes that the responsibility of cybersecurity lies not just with the IT department, but with the entire organisation.

In fact, he admitted that one of the biggest challenges Siloam faced was to change the organisation’s mindset towards cybersecurity.

“The first step towards that is to convince the whole management that cybersecurity should be a top priority,” Tedjomulja recounted. “For us, it helps that some of our board members came from other organisations, were and able to share their perspectives on the issue of cybersecurity.

“We’re quite lucky in Siloam that our CEO understands this topic well, and has been very supportive. As with any major change, communication is key. It took us many discussions, many examples, as well as advice from many people, until the whole management was fully on board.

“The next challenge was to build people awareness. I always say that protecting data is not so different with protecting money in the bank. The servers are like the bank vaults, but instead of holding money, our servers hold data.

“So we can have a vault that is fire-proof, burglar-proof, or disaster-proof. But someone still holds the key to that vault, and could open it unwittingly – that is the risk in cybersecurity. In Siloam, we have around 12000 staff and doctors, so you can imagine what a huge undertaking it was for us to build cyber awareness for all our staff.”

Tedjomulja was also keen to emphasise the importance of keeping patient data secure, as it could potentially be a matter of life and death for a patient.

What makes it more challenging for hospitals to keep their patient data safe is that it can even be breached via seemingly low-risk equipment, like printers.

Most printers in hospital these days, however, are multifunctional devices that connect directly to the internet – this allows for emails to be sent from the printer, while copies of files on the printers’ hard drive can also be uploaded onto the cloud.

Indeed, an internet-connected printer that has been compromised could provide an entry point for attackers into a hospital’s internal networks. This could lead to sensitive data – such as the contents of the documents being printed – falling into the hands of the cyber-attackers.

There is also a risk that malicious software updates might be installed on internet-connected printers, especially if they are physically and technically insecure. This, in turn, could lead to a complete shutdown of a hospital’s operations.

In addition, there are physical risks that sensitive printouts left unattended on the printer could be misplaced, stolen, or changed, thus posing a huge risk to the safety of the patients.

“Any technology that generates data will be prone to…risk. As we immerse deeper into the digital world, we rely on those data to be able to provide patient care,” Tedjomulja mused.

“If suddenly we lose access to those data…the consequences are severe. And what if the data is not stolen, but changed by a hacker without us knowing? It is a scary thought.”


Click here to learn more about Downtime Assistant in an event of a cybersecurity threat. You can also contact Lexmark’s Healthcare Consultant at for AP or for ANZ to learn more about Lexmark’s clinical solutions and assessment of your facility’s printing requirements.