TGKK suspects access to data for billing

A day after the theft of more than 600,000 records of insured persons of the Tyrolean Regional Health Insurance (TGKK) this seems the first firm lead in the search for the data leak to have: The information could have been intercepted in the course of clearing or settlement of a patient. The hacker group AnonAustria, the offshoot of Austria Anonymous says, without a hack it “stumbled” to be. The medical association said in view of the incident even more concerns about e-medication and the entire electronic health record.

than 600,000 records of insured persons – including celebrities such as Hansi Hinterseer, Tobias Moretti and Nicole Hosp – were stolen from AnonAustria. The hackers insist, however, she only discovered by chance to have a hack was not necessary.

How exactly but in the possession of the data were not betray the AnonAustria members. The TGKK is therefore feverishly looking – and now seems to have a first clue. Because the data system was hacked the cashier not TGKK director Arno Melitopulos assured on Thursday. Rather, most likely in the course of clearing or settlement of patient access to the data packet has been.

Constitutional protection

The police identified the massive data theft comes after – the Tyrolean State Office for State Protection and Counter-terrorism and the appropriate federal office have taken over the investigation. Details the Home Office wanted to tell but not, spokeswoman Sonja Jell but assured that the investigation went “full swing”, there was a suspicion of illegal access to computer systems and the unauthorized transfer of data.

“Non-data system for the box office hacked”

Both in the IT TGKK and in Vienna at the ITSV, where the nodes of the social insurance lies, had been set up a crisis team on Wednesday, it said. Throughout the night, the firewalls have been tested. Therefore, the theft could be restricted. “The data system was not hacked the box office and it is not happening on the transfer path,” said Arno Melitopulos TGKK director on Thursday with an initial knowledge.

50 contractors under the magnifying glass

“It must be from a third party,” said Melitopulos, adding that was accessed with high probability in the course of clearing or settlement of a patient to the data packet. During the day they would lead with the 50 eligible contractors talks. Among them were no doctors or hospitals, assured the director.

No data on diseases captured

The records give the monthly health insurance to contractors such as doctors, the Red Cross or ambulance company had further said chairman Michael Huber on Wednesday. This system can be checked whether anyone was actually insured. The affected dates, the name of the insured, whose social security number, the insured person and the address would be announced. Huber concluded that medical records may have been hacked. “Once we know the details about the data that we begin to inform those affected,” he said. In his opinion there were a “criminal history”.

For now, wanted a precaution no data transmission more

TGKK the calls were received after the data theft can be insured worried that their e-card lock. Were on the e-card but “no sensitive data stored,” the deputy director tried to calm Hollaus Heinz. They serve only to the contracting party is entitled to benefits demonstrated. “Is cleared up completely, where the data leak occurs, the TGKK is now no more data to the public hospitals, emergency services etc. are available”, it said in a press release.

Medical Association expressed privacy concerns

The Vice President of the Austrian Medical Chamber, Artur Wechselberger – also president of the Tyrolean medical professional organization for data security – which has given the data theft in terms of both the e-medication as well as the overall project electronic health record (ELGA) showed suspicious. “This confirms concerns regarding data protection in the health sector,” he said on Thursday.

“The protection of the data must have absolute priority,” demanded Wechselberger respect on the part of the Medical Association strongly criticized the project always e-medication, which is part of ELGA. For the past five years, we discuss about the electronic health record and the information had been “highly unsatisfactory and inadequate.” Until now we’ve only had the technical feasibility in mind, criticized the medical association’s Vice President.

patient rights, patient rights protection, questions about the roles, for example, who have access to the data and how the patient could be protected, yet loud enough Wechselberger been considered. On the fundamental principle of data protection with the balance between benefit and risk must be placed in his view for more care.

E-card company assured: “We feel on the safe side”

Soothing words on Thursday found Josef Mikus, Director of “peering point – connecting e-health”. About the LLC, the communication of Social Security e-card. He initially doubted the information from Anonymous: “Artists like Hansi Hinterseer are usually insured by the Social Security Institution for Trade and Industry (SVA, note).” The insured with the insurance funds are classically employees.

For the security of e-card system, said Mikus…. “The system is sealed to the outside Absolute certainty is not at all But through our system are just single queries not handled it comes to large data delivery, we are committed to the safe side. “

Pharmacists Association: “Huge security effort”

also the director of the Pharmaceutical Salary Fund, Wolfgang Nowatschek, at the Austrian Chamber of Pharmacists – there go the electronic prescription transfer, but also the e-medication pilot – said the highest safety standards: “Obviously, the data ( The Anonymous should be approached, note not) encrypted. We carry a huge security effort. The data is encrypted during storage and transport. Of course we have a double firewall, but even if someone gets through there, he finds only ‘illegible’ data Salad “. Also, the GIS data stolen by hackers and other published data were not encrypted respectively.

Nowatschek is the main teaching of affairs that would have that data in storage and shipping each be encrypted. The most important safety precaution, but anonymity is responsible authorities. The pilot for the e-medication even when it comes to data security in Austria is currently probably a rather small problem: So far there are only about 6,000 participants, according Nowatschek

. AG / red

Source: Krone.at – Digital

Related News