The hackers from the Chaos Computer Club have proven that it is not necessary to exchange the so-called connectors in art practices. This could save 300 million euros – but the federal government would probably lose money.
Medical and psychotherapy practices, pharmacies and clinics must use special Internet routers for digital communication with each other and for billing with the health insurance companies. The first generation of these connectors has been in operation since autumn 2017. The problem: the security certificates of the devices now expire after five years. The security certificates – digital signatures to identify the respective devices – are located on memory cards. According to the manufacturer, it shouldn’t be possible to exchange the memory cards or save new security certificates on them.
Gematik, which is responsible for the telematics infrastructure (TI) in Germany, said the same thing. With 51 percent shares, the Ministry of Health is the largest shareholder, as “heise.de” and the “Apothekenumschau” report.
The federal government would also have earned from the exchange, which should cost a good 300 million euros. However, according to the experts at the Chaos Computerclub (CCC) hacker association, such an exchange is not necessary at all. A hacker dismantled one of the connectors and showed that simply updating the software makes continued operation possible.
“The 300 to 400 million euros that the replacement of the devices is estimated to cost the health insurance companies should be spent on good medicine and better care for patients in the doctor’s offices – and not for additional electronic waste,” criticized Die Freie Ärzteschaft e. V. the exchange.
“By immediately stopping the nonsensical connector exchange, Federal Health Minister Karl Lauterbach could support the medical practices, but the opposite is the case,” says Wieland Dietrich, chairman of the independent medical association and resident dermatologist in Essen. “In view of the billions in savings in medical practices, it is incomprehensible to squander several hundred million euros of insurance money on a project from which not a single patient and not a single practice in Germany benefits.”
In fact, Gematik reacted to the CCC hack: Two of the three connector manufacturers now offer a certificate extension specified by Gematik. Gematik had already repeatedly suggested to its shareholders to extend the certificates with a software update, as “heise.de” reports. And: According to Gematik, “by no means all connectors have to be replaced”, so Gematik expects the costs to be significantly lower than 300 million.