Recently the follow-up to my first paper was published. Hence, number three is again about the German Health Insurance Card's usage in physicians' practices.
Sunyaev, A.; Kaletsch, A.; Duennebeil, S.; Krcmar, H. (2010): Attack Scenarios for possible Misuse of Peripheral Parts in the German Health Information Infrastructure. In: Proceedings of the 12th International Conference on Enterprise Information Systems (ICEIS 2010). Funchal, Madeira - Portugal, 8 - 12 June, 2010. Volume DISI, pp. 229-235.
Abstract:
This paper focuses on functional issues within the peripheral parts of the German health information infrastructure, which compromise security and patient’s information safety or might violate law. Our findings demonstrate that a misuse of existing functionality is possible. With examples and detailed use cases we show that the health infrastructure can be used for more than just ordinary electronic health care services. In order to investigate this evidence from the laboratory, we tested all attack scenarios in a typical German physician’s practice. Furthermore, security measures are provided to overcome the identified threats and questions regarding these issues are discussed.
Again, enjoy reading - I'm looking forward to your comments!