A Security Analysis of the Dutch EPD system

This page presents a security analysis, describing vulnerabilities we found in the design of the Dutch electronic patient record system (EPD).

These pages were written around 2010-2011, due to research on the EPD that I did in 2009-2010.

The ministry (VWS) issued a sharp response (letter, reaction to the press) after the findings were reported. On closer inspection, however, the ministry has not actually shown any weaknesses in my work, but instead confirmed all findings. The main argument of the ministry is that I could not prove that anyone can break into the LSP or any of the systems attached to it. Given that this concerns thousands of systems, I believe that the ministry's statement that 'regular hacker tests' and audits will protect us from a break-in is unfounded.

The ministry indicated in their letter that the reported issues were known to them, and that these were part of a conscious tradeoff between, effectively, practical usability and 'optimal' security. I am very surprised to learn that people in the ministry have consciously built in the security weaknesses that I discovered.

Download my rebuttal (in Dutch) directly, or read my commentary in English.

Here is a brief summary of the key findings in English.

I wrote a detailed summary of the security issues.