Particle.news

Download on the App Store

Germany's Electronic Patient Record Faces Security Challenges Days After Nationwide Launch

The ePA system, now live for over 73 million citizens, has encountered new security vulnerabilities despite recent updates and patches.

Image
Image
Image

Overview

  • The electronic patient record (ePA) was launched nationwide in Germany on April 29, 2025, automatically enrolling over 73 million statutory insured citizens under an opt-out model.
  • Ethical hackers from the Chaos Computer Club discovered new security vulnerabilities in the ePA system, allowing unauthorized access to patient data despite updated protections.
  • Gematik, the organization overseeing the system, implemented immediate fixes and stated there is no evidence of unauthorized data breaches so far.
  • Consumer advocates are calling for improved privacy controls, including the ability for patients to selectively share specific medical documents with healthcare providers.
  • Healthcare providers have until October 1, 2025, to adopt the ePA system, with pseudonymized data sharing for research scheduled to begin in July 2025.