Passwords were poorly secured, encryption was not state-of-the-art and information about the mental illnesses of thousands of citizens was stored in databases that unauthorized persons had access to. After ZEIT ONLINE revealed dangerous security gaps in government software in Rhineland-Palatinate, the state health minister Clemens Hoch (SPD) admitted in the state parliament that there were indeed essential problems with the software ‘s data protection. “We are glad that this was noticed,” Hoch said, according to the Wiesbadener Kurier .

According to current findings, no sensitive health data of citizens has been leaked, Hoch said. However, due to another glitch in the software, it is no longer possible to determine who exactly had access to the data in the past or whether it was manipulated.

The software from Mikroprojekt is used by all health authorities in Rhineland-Palatinate and also by some authorities in other federal states. There was no public tender for this in Rhineland-Palatinate. The application manages, for example, information about notifiable infections or suspected cases of child endangerment. Many uninvolved employees also had access to this data. In addition, it might also have been possible for external attackers to steal this data. ZEIT ONLINE first reported on these vulnerabilities in November 2023.

The security gaps have apparently not yet been completely closed. Health Minister Hoch admitted this in the state parliament, according to the newspaper Trierischer Volksfreund . According to the report, software with data protection problems is still being used in the health authorities.

The data protection officer for Rhineland-Palatinate, Dieter Kugelmann, also made his position clear: He told the newspaper that “the door was open for the misuse of the data.” At the end of last year, he initially told ZEIT ONLINE that his agency had “no reason to raise data protection concerns about the state government’s digitization strategy.” He later accused the state government of keeping him in the dark about crucial details.

ZEIT ONLINE also reported that an employee of the Trier health authority had a questionable double role. In addition to her work in the authority, she also worked for the software company Mikroprojekt. She was also active in a state-wide project group on the topic, which also makes decisions for the state project and thus for 22 other health authorities.

While his ministry described this fact as “unproblematic” in February, the minister himself now apparently sees it differently. “I have to admit, I would have liked this problem to have been recognized early on and treated with the necessary sensitivity,” Hoch said in the state parliament. After consultation with the Trier health authority, the employee was removed from the project group.

Passwords were poorly secured, encryption was not state-of-the-art and information about the mental illnesses of thousands of citizens was stored in databases that unauthorized persons had access to. After ZEIT ONLINE revealed dangerous security gaps in government software in Rhineland-Palatinate, the state health minister Clemens Hoch (SPD) admitted in the state parliament that there were indeed essential problems with the software ‘s data protection. “We are glad that this was noticed,” Hoch said, according to the Wiesbadener Kurier .

SOURCE