Particle.news

New Security Flaw Discovered in Germany’s ePA System Just Days After National Rollout

The vulnerability, identified by ethical hackers, was swiftly patched by gematik, but concerns over public trust in the digital health system persist.

Overview

  • The Chaos Computer Club (CCC) uncovered a security flaw in the electronic patient record (ePA) system involving electronic replacement certificates for health cards.
  • The vulnerability allowed unauthorized access to patient data but was limited to certain health insurers’ clients, who have since been identified and given additional protections.
  • gematik confirmed the issue and implemented an immediate fix, emphasizing that continuous security monitoring remains crucial.
  • This incident follows earlier CCC-reported vulnerabilities in late 2024, which prompted additional security measures before the system’s national rollout on April 29, 2025.
  • With around 70 million insured individuals automatically enrolled in the ePA since January 2025, the system’s success now hinges on addressing privacy concerns and maintaining public trust.