Experts Warn of Severe Security Flaws in Germany's Electronic Patient Records System

Hackers demonstrate potential access to 70 million patient files as rollout of electronic records for all insured individuals looms in 2025.

IT experts at the Chaos Communication Congress in Hamburg revealed significant vulnerabilities in Germany's electronic patient records (ePA) system, potentially exposing sensitive data of up to 70 million users.
Hackers demonstrated how they could access patient records remotely without needing a physical health card, citing weak IT configurations and flawed issuance processes for medical credentials.
The ePA, introduced in 2021, is set to become mandatory for all insured individuals in 2025 unless they opt out, with a pilot program launching in January in select regions.
The Chaos Computer Club criticized the system's security as inadequate, calling for independent audits to address risks and rebuild trust in the digital infrastructure.
While the system's developers claim the risks are minimal and emphasize encryption measures, critics argue that the current safeguards are insufficient to prevent unauthorized access.