Update instead of new purchase: Hackers want to save hundreds of millions of euros in the German healthcare system - but nobody shows any interest

Germany's digital healthcare system is built on connectors. These are small gray boxes that connect German medical practices to what is known as the telematics infrastructure. The practices use this to process services and sooner or later they will also send out e-prescriptions.

The price for such a box is high: "Spiegel" writes that prices of up to 2300 euros are common, paid for by health insurance companies. However, this is obviously not a one-time investment. According to the manufacturer, older devices have to be replaced regularly so that the connection to the health data network is maintained. The IT trade magazine "Heise" appealed to Health Minister Karl Lauterbach in August to stop this and find alternative solutions. Now hackers from the Chaos Computer Club have found out that a free update would actually be sufficient. This would save hundreds of millions of euros in costs. But nobody wants to hear that, especially not the manufacturers of the connectors.

The reason for the forthcoming exchange is simple: the certificates that uniquely identify the devices in their network are expiring. Recall the collapse of German card terminals, which happened for exactly this reason. In addition, according to the manufacturer CGM Germany, which is behind the KoCoBox MED, the Federal Office for Information Security (BSI) recommended a maximum term of five years, for safety's sake.

In the eyes of the Chaos Computer Club, there is a kind of "cartel-like business model" behind it, because after only five years the manufacturers would have to order over 130,000 devices due to the impending failure of the boxes. For the club, this is "planned obsolescence", i.e. a deliberately calculated end of life for the devices in favor of the balance sheet.

Gematik GmbH is the client and liaison between the practices and the manufacturers of the connectors. It coordinates the infrastructure and is 51 percent owned by the Ministry of Health. The remaining shares are held by the German Medical Association, the German Association of Pharmacists, the National Association of Statutory Health Insurance Physicians and other leading organizations in the German health care system.

According to Gematik, all options were last proposed to the shareholders at the end of August and the exchange was declared the "best solution", writes the specialist magazine "Heise". And this despite the fact that two out of three manufacturers, namely Rise and Secunet, had already made it possible to install a software update. Only CGM did not present such a solution, and apparently won the debate. At least, according to Gematik GmbH, not all connectors have to be exchanged, which has a positive effect on the costs to be expected, continues "Heise".

CGM also reported to "Heise" and explained that the old devices were not fit for future standards and would therefore have to be replaced in the coming years anyway. However, CGM did not rule out the possibility of software-based certificate extensions for new devices.

The other manufacturers assess the situation similarly, writes "Spiegel". But Secunet warned that software updates are "a risky business" and that a failed update would result in high costs for the failure of the devices.

The CCC expects that the replacement of the devices will start all over again in 2027, because there is currently no mandatory extension of the service life for CGM, Rise and Secunet. Dirk Engling, a spokesman for the CCC, writes: "Here a cartel wants to earn a living through strategic incompetence in the German healthcare system. Immense costs for all insured persons, pointless effort for a replacement with all doctors and tons of electronic waste are accepted. Worse still, a repeat of the debacle in five years is already being prepared."

As a solution, and as extremely good publicity for its critical report on a hitherto relatively unknown problem in the German health care system, the CCC therefore presents a self-made update. This makes it possible to equip the old devices with new certificates free of charge and to extend the term almost as desired. The only exception: devices whose security key no longer corresponds to the state of the art and which would therefore actually be incompatible if new standards were introduced.

Finally, the Chaos Computer Club appeals to politicians and manufacturers. It calls for better control of contracts, prevention of the destruction of usable hardware and honest business models. "If Gematik accepts the 400 million euro gift on behalf of the German healthcare system," it says at the end, "the CCC will offer the practices and hospitals help with installing the patches."

If everything goes as planned by Gematik GmbH and the manufacturers so far, the health insurance companies – and thus every contributor – will soon be faced with a hefty bill.
