Based on my Bachelor's Thesis research my first paper was published some weeks ago. Finally I found time to post it in here.
Sunyaev, A.; Kaletsch, A.; Mauro, C.; Krcmar, H. (2009): Security Analysis of the German electronic Health Card’s Peripheral Parts. In: ICEIS 2009 - Proceedings of the 11th International Conference on Enterprise Information Systems. Milan, Italy, 6-10 May 2009. Volume ISAS, pp. 19-26.
Abstract:
This paper describes a technical security analysis which is based on experiments done in a laboratory and verified in a physician’s practice. The health care telematics infrastructure in Germany stipulates every physician and every patient to automatically be given an electronic health smart card (for patients) and a corresponding health professional card (for health care providers). We analyzed these cards and the peripheral parts of the telematics infrastructure according to the ISO 27001 security standard. The introduced attack scenarios show that there are several security issues in the peripheral parts of the German health care telematics. Based on discovered vulnerabilities we provide corresponding security measures to overcome these open issues and derive conceivable consequences for the nation-wide introduction of electronic health card in Germany.
For those who are too lazy to read the full story or don't like English that much - my adviser published a short summary in German:
http://www.egms.de/en/meetings/gmds2009/09gmds256.shtml
Enjoy reading, I'm looking forward to your comments!