Security Analysis of the German Electronic Health Card's Peripheral Parts
نویسندگان
چکیده
This paper describes a technical security analysis which is based on experiments done in a laboratory and verified in a physician’s practice. The health care telematics infrastructure in Germany stipulates every physician and every patient to automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). We analyzed these cards and the peripheral parts of the telematics infrastructure according to the ISO 27001 security standard. The introduced attack scenarios show that there are several security issues in the peripheral parts of the German health care telematics. Based on discovered vulnerabilities we provide corresponding security measures to overcome these open issues and derive conceivable consequences for the nation-wide introduction of electronic health card in Germany.
منابع مشابه
Attack Scenarios for Possible Misuse of Peripheral Parts in the German Health Information Infrastructure
This paper focuses on functional issues within the peripheral parts of the German health information infrastructure, which compromise security and patient’s information safety or might violate law. Our findings demonstrate that a misuse of existing functionality is possible. With examples and detailed use cases we show that the health infrastructure can be used for more than just ordinary elect...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کاملInformation Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, that the result would be electronic health record (EHR).The purpose of this research is to investigate the effects information securi...
متن کاملModeling of Electronic Health Management for Islamic Republic of Iran Social Security Organization
Background: Social Security Organization with more than 40 million insured people, supplies therapeutic services to nearly fifty percent of the country’s population. This volume of service needs a good update and on line planning, organizing, coordination, staffing, and budgeting. Electronic health is improving day to day and is a good tool in helping the Social Security Organization in conduct...
متن کاملResearch Toward the Practical Application of a Risk Evaluation Framework: Security Analysis of the Clinical Area within the German Electronic Health Information System
The following study provides a risk analysis of the forthcoming nationwide healthcare information system in Germany. Based on the information security audit methodology of the Federal Office for Information Security (BSI), we evaluated the introduction of the new system in hospitals with respect to security. Conceptually, the study focuses explicitly on an organizational level; specifically the...
متن کامل