ATTACK SCENARIOS FOR POSSIBLE MISUSE OF PERIPHERAL PARTS IN THE GERMAN HEALTH INFORMATION INFRASTRUCTURE

Ali Sunyaev, Alexander Kaletsch, Sebastian Dünnebeil, Helmut Krcmar

Abstract

This paper focuses on functional issues within the peripheral parts of the German health information infrastructure, which compromise security and patient’s information safety or might violate law. Our findings demonstrate that a misuse of existing functionality is possible. With examples and detailed use cases we show that the health infrastructure can be used for more than just ordinary electronic health care services. In order to investigate this evidence from the laboratory, we tested all attack scenarios in a typical German physician’s practice. Furthermore, security measures are provided to overcome the identified threats and questions regarding these issues are discussed.

References

  1. Bales, S., 2003. Die Einführung der Telematik im Gesundheitswesen als Herausforderung für die Weiterentwicklung der Patientenrechte in Deutschland. [Talk] Bonn: gematik. Available at: http://www.dimdi.de/dynamic/de/ehealth/karte/downlo adcenter/veroeffentlichungen/vortraege/bagh-bonnbal-031107.pdf [Accessed 9 September 2008].
  2. Berg, W., 2004. Telemedizin und Datenschutz. Medizinrecht, 22 (8), pp. 411-414.
  3. BSI, Bundesamt für Sicherheit in der Informationstechnik, 2004. Studie zu ISO-Normungsaktivitten ISO/BPM - Anforderungen an Information Security Management Systeme.
  4. Caumanns, J. et al., 2006. Die eGK-Lösungsarchitektur Architektur zur Unterstützung der Anwendungen der elektronischen Gesundheitskarte. InformatikSpektrum, 29 (5), pp. 341-348.
  5. Drees, D., 2007: The Introduction of Health Telematics in Germany. In: European Commission Directorate General Information Society, Information Security Solutions Europe/SECURE 2007 Conference. Poland, Warsaw 25 27 September 2007. Vieweg: Wiesbaden.
  6. gematik, Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH, 2008a. Spezifikation eHealthKartenterminal. Version 2.8.0.
  7. gematik, Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH, 2008b. Facharchitektur Verordnungsdatenmanagement (VODM). Version 1.5.1.
  8. gematik, Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH, 2008c. Übergreifendes Sicherheitskonzept der Gesundheitstelematik. Version 2.3.0., Anhang B.
  9. gematik, Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH, 2008d. Konnektorspezifikation. Version 3.0.0.
  10. Neuhaus, J., Deiters, W. & Wiedeler, M., 2006. Mehrwertdienste im Umfeld der elektronischen Gesundheitskarte. Informatik-Spektrum, 22 (5), pp.332-340
  11. SGB V, 2007. Sozialgesetzbuch. Fünftes Buch. DTVBeck.
  12. Schweiger, A., Sunyaev, A., Leimeister, J.M., Krcmar, H. 2007. Information Systems and Healthcare XX: Toward Seamless Healthcare with Software Agents. In: Communications of the Association for Information Systems (CAIS), Vol. 19 (2007) Nr. Article 33, pp. 692-709.
  13. Sunyaev, A. et al., 2009a. Analysis of the Applications of the Electronic Health Card in Germany. In: WI 2009, Proceedings of Wirtschaftsinformatik 2009, Austria, Vienna 25-27 February 2009.
  14. Sunyaev, A., Kaletsch, A., Mauro, C. & Krcmar, H. 2009b. Security Analysis of the German electronic Health Card's Peripheral Parts. ICEIS 2009 - Proceedings of the 11th International Conference on Enterprise Information Systems, Volume ISAS, pp. 19-26.
Download


Paper Citation


in Harvard Style

Sunyaev A., Kaletsch A., Dünnebeil S. and Krcmar H. (2010). ATTACK SCENARIOS FOR POSSIBLE MISUSE OF PERIPHERAL PARTS IN THE GERMAN HEALTH INFORMATION INFRASTRUCTURE . In Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-989-8425-04-1, pages 229-235. DOI: 10.5220/0002900102290235


in Bibtex Style

@conference{iceis10,
author={Ali Sunyaev and Alexander Kaletsch and Sebastian Dünnebeil and Helmut Krcmar},
title={ATTACK SCENARIOS FOR POSSIBLE MISUSE OF PERIPHERAL PARTS IN THE GERMAN HEALTH INFORMATION INFRASTRUCTURE},
booktitle={Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 1: ICEIS,},
year={2010},
pages={229-235},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002900102290235},
isbn={978-989-8425-04-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 1: ICEIS,
TI - ATTACK SCENARIOS FOR POSSIBLE MISUSE OF PERIPHERAL PARTS IN THE GERMAN HEALTH INFORMATION INFRASTRUCTURE
SN - 978-989-8425-04-1
AU - Sunyaev A.
AU - Kaletsch A.
AU - Dünnebeil S.
AU - Krcmar H.
PY - 2010
SP - 229
EP - 235
DO - 10.5220/0002900102290235