Electronic patient records: Hackers also undermine new security measures

Berlin. Outgoing Federal Health Minister Karl Lauterbach has confirmed that a new security vulnerability has been discovered following the nationwide launch of the new electronic patient record (ePA).
"In the early stages of the ePA launch, such attack scenarios were to be expected. I am grateful to gematik for responding immediately to the first indications and closing this security gap," the SPD politician wrote that evening on the X platform, linking to a "Spiegel" report.
According to this report, the security measures newly added for the official launch of the electronic patient record also proved insufficient. "Spiegel" reports that so-called ethical hackers from the Chaos Computer Club (CCC) overcame a central, newly added safeguard and then informed the authorities. The operators responded to the alert on Wednesday afternoon with immediate emergency action, thus closing the additional security gap for the time being.
The majority federally owned digital agency gematik confirmed this account. The Chaos Computer Club described a scenario for unauthorized access, stating on its website that information could be obtained via electronic replacement certificates for insurance cards, allowing access to individual electronic patient records. "gematik has closed the security gap that could exist for individual insured persons of a few health insurance companies. The potentially affected insured persons are identified and protected."
At the end of last year, IT security experts had already publicized a number of vulnerabilities in the ePA system. To increase security, additional precautions were implemented during the test phase. Since January 15, 70 million of the approximately 74 million people with statutory health insurance across Germany have received an ePA from their health insurance provider.
Following a test in three regions, the nationwide rollout began on Tuesday. A gradual ramp-up is planned. The ePA is intended to be a digital repository for examination results, laboratory results, and medication information, and will accompany patients throughout their lives. It can be viewed on smartphones via health insurance apps.
RND/dpa