
Divisions Emerge in the Democratic Party Over Trump's Immigration Law
Section: News
The Gematik organization has recently come under scrutiny regarding its handling of security vulnerabilities in the electronic patient record system (ePA). As reported, Gematik claims it only recognized the seriousness of these vulnerabilities after security researchers informed them that valid practice identities were available for purchase on secondary markets.
According to communications obtained from the German Medical Journal, security researchers alerted Gematik to these vulnerabilities in August 2024. However, Gematik initially deemed these security issues as manageable and acceptable at that time. This assessment has now been called into question.
One of the critical vulnerabilities allows unauthorized access to the ePA system using only a Security Module Card Type B (SMC-B) along with a connector. This can be done without the need for the electronic health card or knowledge of its associated Integrated Circuit Card Serial Number (ICCSN). The potential for mass exploitation has been highlighted, as attackers could iterate through ICCSNs. Gematik had previously assessed the risk of such attacks as low, citing high detection risks and complex execution as factors.
Furthermore, a Gematik executive has indicated that the issuance of practice cards has been tightened through multiple enhancements in the distribution process. In mid-December, it was revealed that security researchers had purchased valid practice identities, including SMC-Bs and PIN codes, from a practice liquidation. This prompted Gematik to reassess the situation, leading to the formation of a security task force aimed at implementing necessary measures.
Despite these developments, it remains uncertain whether these vulnerabilities have been fully addressed ahead of the planned nationwide rollout of the ePA. Currently, all healthcare providers and pharmacies involved in the pilot phase are included on a whitelist, which restricts access to the ePA to a limited number of authorized users.
Section: News
Section: Science
Section: Travel
Section: Health
Section: Business
Section: Arts
Section: Health Insurance
Section: News
Section: Arts
Section: News
No comments yet. Be the first to comment!