Originally, the electronic patient file 3.0 (EPA) was to be introduced nationwide in the middle -middle, but the new beginning date is not kept either in April. Although all those insured by the law have already received an EPA, it has hardly been tested so far. It is also not clear how the EPA has IT protection. Left-wing MP Catherine Vogler, AK Domshit-Berg and Susain Farschal and others made a small request. The federal government’s answers are not very helpful, a small part of the questions was already answered.
Advertisement
Most of 41 questions (PDF) was answered or not at all, such as the question of change in authority management. Unanswered, the federal government also leaves that security risks have been implemented despite security measures. However, a gametix answer suggests that it is unlikely that doctors will take care of testing areas to start a massive attack. Nevertheless, it is possible to try criminals, as shown in the 38th chaos communication Congress.
At the same time, the federal government talks about the fact that the infrastructure for EPA is also quantity about “risk of an attack on central structure”: “To highlight special measures to exclude potential internal criminals. For (“confidential computing”, reliable execution environment – VAU) or pre -applied resistance to cryptographic measures quantum computing attacks “.
No veto law for BFDi and BSI
Asked that the weaknesses known from August 2024, the gametic recently wrongly responded to the risk incorrectly. However, Federal Office for Information Technology (BSI) and Federal Commissioner for Data Protection and Freedom of Information (BFDI), Prof. The Louisa Speech-Rimensnader, was directly included, but they only have to keep in mind and may not happen now. Veto.
US Supervisory Authority starts an investigation against Big Tech for FTC “Censorship”At the beginning of the year, BFDi emphasized that both Gemptix and BMG “indicated the high risk capacity of weaknesses at the beginning of the year and strongly recommended (HAD) recommends measures to reduce the risks BFDI of Jamptics, in information technology. “A BFDI spokesman said.
Asked whether safety intervals were established due to implementation or architectural errors, the federal government replied that it was not due to specifications and the attack could only be done, “if you can reach access to telematics infrastructure unjustly Get from it is punishable.
Not ready against attacks by government organizations?
It is also not clear how attacks should be stopped by state actors. Although the federal office for information technology and Fraunhoff SIT also appreciate the risk as relevant, after consulting with gametics, “attacks by government organizations were not relevant”.
The federal government’s response to the question of the risk of attacking state actors is clear and not clear. It suggests that foreign state actors and their attack vectors are certainly taken into consideration in security analysis, but the attack resources of such actors were excluded from formal evaluation. This means that EPA infrastructure cannot be prepared against highly developed resource-intensive attacks by the actors of the state.
The reason for the exclusion of these attack resources from the evaluation is that a level of safety will be required that will not be practical with the current standard software and hardware used. Nevertheless, the federal government emphasizes that great efforts are made to counter the dangers with foreign state actors and refer to safe supply chains when issuing electronic identity, connectors and card readers. However, the question is not clear whether the measures provided legally are enough to remove the target attacks especially by state actors.
In its answers, the federal government regularly emphasizes that all personal data, including medical information, are in strict security precautions. In addition, gametic wants to increase the safety of EPA through additional measures. This includes involving external experts and safety researchers to identify potential weaknesses in an early stage. In the context, the federal government also refers to the Bug Bounty Program launched by Gametic in October 2022.
(Mac)
Consumer Protection: Digital European Union letter bag warns of massive tracking
