Secdocs

Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Hacking health

General Info
Type
Audio
Tags
science
Authors
Karin Spaink
Event
Chaos Communication Congress 22th (22C3) 2005
Indexed on
Mar 27, 2013
File details
URL
http://dewy.fem.tu-ilmenau.de/CCC/22C3/audio/mp3/22C3-489-en-hacking_health.mp3
File name
22C3-489-en-hacking_health.mp3
File size
21.3 MB
MD5
8e4409b218d1530af107043caf403004
SHA1
4ee2e7a94578ec8d7b91d58fcb57600a72d18c86
Abstract

I have been researching the implementation of electronic patient records (EPR) in NL. The first part of EPRs - a national database of medication that each patient is described - will become mandatory in early 2006. To 'ease the implementation' of a national EPR database, all Dutch citizens will be given a Civil Service Number which supplants our social security number. This CSN - which is actually the same identifier as your social sucurity number - will be used in health services, school, child care, work and taxes. The Dutch government states that this the use of this CNS will be regulated 'within existing European privacy laws' but also adds that using one identydying number in all social areas, including health care, is 'helpful in matters of law enforcement'. On top of that, national electronic (biometric) identity cards will be issued, allegedly to allow citizend (patients) to log in to heir personal EPRs, notwithstanding the fact that hardly any EPR software exists that allow patients to log in. In other words, EPRs are at least partially used to sell biometric identity cards. EPR implementation is supposed to reduce bureaucracy in health care, and to reduce the amount of medical errors; thus, it supposedly helps to cut down costs. Policy makers do not seem to take into account that automating EPRs creates a new subset of medical errors (input errors now being the 4th most common reason for medical errors). Also, they overvalue using computers, believing them to be 'flawless'. Security around EPRs is bad. One Dutch hospiyal was not able to see policlinic patients for a week, due to a computer virus. More hospitals have ad virus problems but have refrained from stating so. The Dutch Health Inspection issued a warning that a pharmacy software program used to calculate mediaction dosage, iscalculated the amount for 200 medicins, amongst themm cytostatics. To test the safety of hospital computer systems, I organised a penetration test with two random hospitals that used EPRs. We were able to access 1.2 million patient records.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.

Statistics

Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !