JISIP (Jurnal Ilmu Sosial dan Pendidikan)

The BPJS Kesehatan data hack in 2021 shows important issues in the implementation of cybersecurity policies in Indonesia, especially regarding how effective coordination between institutions is. This study investigates how the response to the incident was affected by the lack of synchronization between the National Cyber and Crypto Agency (BSSN), the Directorate of Cyber Crime (Dittipidsiber) of the National Police Criminal Investigation Unit, and the Ministry of Communication and Informatics (Kominfo). This study uses a qualitative approach with a case study research type. The results of this study found that the process of mitigating data leaks became more difficult due to fragmentation of tasks, overlapping authorities, and the absence of an integrated crisis response protocol, although each institution has specific tasks, the lack of coordination led to slow and inefficient responses. In addition, systemic vulnerabilities increased because sectoral policies were not in line with national strategies.