Security Analysis of the German Electronic Health Card’s Peripheral Parts
Proceedings of the 11th International Conference on Enterprise Information Systems (ICEIS 2009), Milan, Italy, 6-10 May 2009, Volume ISAS, pp. 19-26
Posted: 29 Sep 2012
Date Written: 2009
Abstract
This paper describes a technical security analysis which is based on experiments done in a laboratory and verified in a physician’s practice. The health care telematics infrastructure in Germany stipulates every physician and every patient to automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). We analyzed these cards and the peripheral parts of the telematics infrastructure according to the ISO 27001 security standard. The introduced attack scenarios show that there are several security issues in the peripheral parts of the German health care telematics. Based on discovered vulnerabilities we provide corresponding security measures to overcome these open issues and derive conceivable consequences for the nation-wide introduction of electronic health card in Germany.
Keywords: Security Analysis, Electronic Health Card, Health Care Telematics
Suggested Citation: Suggested Citation