The Dutch Ministry of Health announced yesterday that the rollout of the national Electronic Healt Records system EPD has been delayed until later this year. One of the reasons is that experts found a vulnerability in the chipcard used to access patient records. The implementation of the encryption algorithm on the cards enabled an attacker to clone the card including the private key once they knew the PIN used.
Another reason mentioned for the delay is the amount of people that has filed an objection to having their information stored in the new system. Initially, objections were expected from about 1 to 2 percent of the population; at this moment, the actual amount is 2.5 percent and still rising.
The weakness found lies in the use of the Chinese Remainder Theorem to accelerate certain cryptographic functions on the smartcards; it was found after the parliament requested a thorough review of the security of the entire EPD system. The same chip is also used by several other government agencies including the Department of Defense, but the weakness is less relevant to other implementations because they don’t use private data stored on the card:
Healthcare providers will also have a unique identifier: the Unique Healthcare providers Identification (UZI: Unieke Zorgverleners Identificatie). The UZI makes authentication possible of the health care provider who wants to have access to the EPR. The UZI consists of a smartcard with three certificates. The first certificate encrypts the data. The second one is the authentication itself: checking the health care providers’ data in the UZI-database, which is connected to the healthcare providers’ registration database (BIG-register). The third certificate is the electronic signature.