Bad cards - IT security in the year zero of the ePA for all

Since mid-2025, the electronic patient record (ePA) has been available to everyone, after a number of smaller and larger security problems in the run-up: a year ago at the 38C3, and again at the end of April for the nationwide launch. Time to draw a conclusion: Is the ePA secure now? Have lasting changes been made that lead to greater security? Can the way IT security was handled in "one of the largest IT projects in the Federal Republic" inform future digital projects? Time to take a look at what was, what is and what is emerging, not only in the ePA, but also in how IT security is dealt with in similar projects in Germany.

A comprehensive analysis of the history and causes of one of the most far-reaching undesirable developments in the field of IT security in recent years, which shows up in much more than just the inadequate verification of health card presence in the healthcare sector.

At the last Chaos Communication Congress, Martin Tschirsich and Bianca Kastl pointed out a collection of major and minor security problems in the electronic patient record for everyone: in the issuance of means of identification, in systems of the telematics infrastructure and in connected systems. All these problems culminated in a modified and reduced rollout of the ePA for everyone in the model regions at the beginning of 2025, in which initial damage-limiting measures had already been taken. At the end of April 2025, the ePA was made available to everyone throughout Germany, but on the same day the security gaps in access management, which had supposedly been closed for good, came to light again and were soon only provisionally sealed once more.

This talk looks back on the history and the causes of these security problems of the ePA for all. As "one of the largest IT projects in the Federal Republic", the ePA is emblematic of a digital policy approach of security promises and interest-driven requirements decided over the heads of patients and citizens.

This is not only about technical problems and the attempts to remedy them, but also about the structural causes that repeatedly make large digital projects fail in some areas. This in-depth analysis can help us to better understand the causes of poor IT security in future digital policy projects in Germany: not only for the ePA for all and applications in the field of the telematics infrastructure, but also far beyond.

In-depth analysis and follow-up to the 38C3 talk "Could never be hacked before": The electronic patient record is coming - now for everyone!

Licensed to the public under http://creativecommons.org/licenses/by/4.0

License: Creative Commons Attribution

Includes AI
