TI connectors: CCC wants to save hundreds of millions in healthcare costs

Update instead of new purchase
Hackers want to save hundreds of millions of euros in the German healthcare system – but nobody shows any interest


Medical practices in Germany are facing a problem: the hardware for billing services and issuing e-prescriptions is said to be outdated. Hackers found that a free update would solve the problem. One manufacturer considers replacement the better solution, which could cost hundreds of millions of euros.

Germany’s digital healthcare system is built on connectors. These are small gray boxes that connect German medical practices to what is known as the telematics infrastructure. The practices use this to process services and sooner or later they will also send out e-prescriptions.

The price for such a box is high: “Spiegel” writes that prices of up to 2300 euros are usual, paid by the health insurance companies. However, this is obviously not a one-time investment, because according to the manufacturer, older devices have to be replaced regularly so that the connection to the health data network is maintained. The IT specialist magazine “Heise” appealed to Health Minister Karl Lauterbach in August to stop this and find alternative solutions. Hackers from the Chaos Computer Club found out that a free update would actually be sufficient. This would save hundreds of millions of euros in costs. But nobody wants to hear that – especially not the manufacturers of the connectors.

Always these certificates

The reason for the forthcoming exchange is simple: the certificates that uniquely identify the devices in their network are expiring. Remember the collapse of German card terminals, which happened for exactly this reason. Aside from that, according to manufacturer CGM Germany, which is behind the KoCoBox MED+, the Federal Office for Information Security (BSI) recommended a maximum term of five years, for safety’s sake.

In the eyes of the Chaos Computer Club, there is a kind of “cartel-like business model” behind it, because after only five years the manufacturers would have to order over 130,000 devices due to the impending failure of the boxes. For the club, this is “planned obsolescence”, i.e. a deliberately calculated end of life for the devices in favor of the balance sheet.

Gematik GmbH is the client and liaison between the practices and the manufacturers of the connectors. It coordinates the infrastructure and is 51 percent owned by the Ministry of Health. The remaining shares are held by the German Medical Association, the German Association of Pharmacists, the National Association of Statutory Health Insurance Physicians and other leading organizations in the German health care system.

Gematik says that all options were most recently presented to the shareholders at the end of August and that the exchange was declared the “best solution”, writes the specialist magazine “Heise”. That was the outcome even though two out of three manufacturers, namely Rise and Secunet, had already made it possible to install a software update. Only CGM did not present such a solution, and apparently won the debate. At least, according to Gematik GmbH, not all connectors will be exchanged, which has a positive effect on the expected costs, “Heise” continues.

Updates may be possible in the future – but “risky”

CGM also responded to “Heise” and explained that the old devices were not fit for future standards and would therefore have to be replaced in the coming years anyway. However, CGM did not rule out the possibility of software-based certificate extensions for new devices.

The other manufacturers assess the situation similarly, writes “Spiegel”. But Secunet warned that software updates are “a risky business” and that a failed update would mean high costs for the failure of the devices.

The CCC expects that the replacement of the devices will be repeated in 2027, because there is currently no mandatory extension of the service life for CGM, Rise and Secunet. Dirk Engling, a spokesman for the CCC, writes: “Here a cartel wants to earn a living through strategic incompetence in the German healthcare system. Immense costs for all insured persons, pointless effort for a replacement with all doctors and tons of electronic waste are accepted. Worse still, a repeat of the debacle in five years is already being prepared.”


Free update and help with installation

As a solution – and extremely good advertising for the critical report on a hitherto relatively unknown problem in the German health care system – the CCC therefore presents a self-made update. This makes it possible to equip the old devices with new certificates free of charge and to extend the term almost as desired. The only exception: Devices whose security key no longer corresponds to the state of the art and which would therefore actually be incompatible if new standards were introduced.

Finally, the Chaos Computer Club appeals to politicians and manufacturers. It calls for better control of contracts, prevention of the destruction of usable hardware and honest business models. “If Gematik accepts the 400 million euro gift on behalf of the German healthcare system,” it says at the end, “the CCC will offer the practices and hospitals help with installing the patches.”

If everything goes as planned by Gematik GmbH and the manufacturers so far, the health insurance companies – and thus every contributor – will soon be faced with a hefty bill.
