This page presents a security analysis, describing vulnerabilities we found in the design of the Dutch electronic patient record system (EPD).
News (update 30 November 2012).
Everything at a glance (recommendations in brief).
A paper about the security architecture of the EPD system was published at the ACM Computer and Communications Security Conference SPIMACS workshop, October 2010. See publications.
Here is a brief summary of the key findings in English.
A technical paper describing the EPD's system architecture and security aspects can be found here: Technical Report UVA-SNE-2010-01.
The letter that I wrote to the Senate, summarizing the main findings of this research (in Dutch), can be found here.
The ministry (VWS) issued a sharp response after the findings were reported, describing the work as "unfounded." Instead, the response is unfounded. Here is my reaction to that.