400 million euros: How the “Chaos Computer Club” helps the health system save money

Special routers are required in German medical practices to connect to the “telematics” health data network. After only five years of operation, there is now no alternative to replacing the device - at least that's what the manufacturers say. This exchange is expected to burden the already struggling health system with additional costs of around 400 million euros. The Chaos Computer Club (CCC) shows that the expensive hardware replacement is anything but necessary and is providing a free solution to the problem.

Like many large-scale infrastructural projects in Germany, the digitalization of the healthcare system is no reason to be proud. It is the responsibility of the company gematik, which operates a “secure” data network for patient data such as the electronic patient file or the e-prescription with the “Telematics Infrastructure” (TI). For access, the doctor's office requires a special VPN router, the TI connector, which is currently sold by three certified manufacturers.

With the TI connectors, gematik has created an extremely lucrative cartel-like business model for these manufacturers because the devices have an artificial expiry date because certificates expire. After just five years of service, the three manufacturers want to sell another 130,000 connectors. No wonder they don't care much about an alternative solution.

Planned obsolescence

For security reasons, many certificates, such as website certificates, have an expiry date. This means they need to be renewed regularly. A problem that is not only known, but for which there have long been established technical procedures for solving it. The expiration after five years is anything but surprising - but gematik has not specified any extension option for its connectors.

Manufacturers can now enjoy selling completely new devices instead of having to offer a simple software update.

Exchange instead of updating

Even gematik, as the client, is aware of the absurdity of such a hardware replacement. So she suggested a non-binding option to extend the term. Of course, not all manufacturers implemented this. As a result, the companies that had already implemented an extension option also joined the high-sales formula “exchange instead of update”: a huge deal for the manufacturers, and a further financial and logistical imposition for German practices and hospitals.

At its last representative meeting, the National Association of Statutory Health Insurance Physicians put the TI connection costs in recent years that were not reimbursed by health insurance companies at 9,000 euros for an average practice.

It gets even bolder: This costly embarrassment is set to repeat itself in 2027. The connectors now scheduled for replacement only have a five-year lifespan - and to date there is no mandatory extension of the term.

“Here a cartel wants to make a profit through strategic incompetence in the German healthcare system. This entails immense costs for all insured persons, pointless effort for an exchange with all doctors and tons of electronic waste ," said Dirk Engling, spokesman for the Chaos Computer Club. “Worse still: a repeat of the debacle in five years is already being prepared.”

Minimally invasive surgery

Recent research has shown that a software update would be possible with minimal effort: a CCC hacker documented an analysis of the firmware delivered on the connectors.

This research showed that the open source components running on the connectors can be persuaded to use an additional bouquet of renewed certificates in addition to the expiring certificates with very little effort. With this knowledge, a minimally invasive patch was just a finger exercise. The CCC donates the result to the apparently overwhelmed manufacturers.

Before these patches can be installed on the connectors, however, a handful of secret bits are needed that are only stored in gematik's vault: These would have to be used to sign the new certificates and patches for the firmware.

“If the commissioned manufacturers of TI connectors are overwhelmed by tasks as trivial as renewing certificates, the question arises as to whether gematik’s award criteria and contracts need to be tightened and more competent competitors found ,” says Engling.

Pressure from politics

In light of the ongoing burning of money in the TI, the CCC is calling on the Federal Ministry of Health to put gematik on a shorter leash and to put an end to the bungling of tenders and contracts. The CCC also calls on the Ministry of the Environment to explore possible ways to prevent the thousand-fold destruction of usable hardware, which is completely senseless from a sustainability perspective alone.

Finally, the CCC appeals to connector manufacturers to find honest ways to earn a living.

Help with updates

If gematik, representing the German healthcare system, accepts the 400 million euro gift and provides the required signatures, the CCC will offer practices and hospitals help with installing the patches. With this offer we want to ensure that unexpected logistical problems do not arise from manufacturers preventing the cheaper alternative.

Links and further information

source

Chaos Computer Club

Also read: EU chat control: report questions draft law


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )