Access to millions of data
Security gaps in electronic patient records revealed
02/01/2025 – 12:23 p.mReading time: 2 min.
The electronic patient record is about to be introduced. IT experts warn of security gaps: hackers could access millions of pieces of data.
The electronic patient file (ePA) is coming: When the files are made available on January 15th, practices, clinics and pharmacies will start using them. However, before the planned introduction of the ePA, there is strong criticism from IT experts from the Chaos Computer Club (CCC).
Accordingly, security deficiencies allow hackers to gain access to the data of any insured person, as the IT experts write on their website. “This would give criminals access to more than 70 million files in one fell swoop,” warns the CCC.
In experiments, the IT experts succeeded in accessing patient files remotely. This was possible due to weak points in the IT infrastructure “both in the healthcare facilities and via access from service providers”.
Meanwhile, the company Gematik, which is responsible for implementing the ePA, has responded to the CCC’s criticism. “Technical solutions to prevent the attack scenarios have already been designed” and their implementation has started, reports the “Deutsche Ärzteblatt”.
The attack scenarios on the ePA presented by the CCC were “technically possible”. Gematik believes that practical implementation in reality is “but not very likely,” it goes on to say.
The “ePA for all” starts on January 15th, first in Franconia, Hamburg and parts of North Rhine-Westphalia. It will then be introduced nationwide a month later. An electronic patient file will then be set up for everyone with statutory health insurance, unless they object.
The file is intended to be a digital memory for information on medications, findings and laboratory values and to accompany patients throughout their lives. The insured can insert documents there themselves; doctors have to enter data from current treatments.
The e-file, which is slowly filling up, is intended to help in the future when a doctor changes or moves, or in emergencies, when doctors can obtain information more quickly about a patient’s medical history or medication plan.