A Security Analysis of the Dutch EPD system

This page presents a security analysis, describing vulnerabilities we found in the design of the Dutch electronic patient record system (EPD).


Dutch

News (update 30 November 2012).

Everything at a glance (recommendations in brief).


English

A paper about the security architecture of the EPD system was published at the ACM Computer and Communications Security Conference SPIMACS workshop, October 2010. See publications.

Here is a brief summary of the key findings in English.

A technical paper describing the EPD's system architecture and security aspects can be found here: Technical Report UVA-SNE-2010-01.

The letter that I wrote to the senate, summarizing the main findings of this research (in Dutch), can be found here.

The ministry (VWS) issued a sharp response after the findings were reported, describing the work as "unfounded." Instead, the response is unfounded. Here is my reaction to that.