Media report data leak at second-largest health insurer - Barmer disagrees
The patient data of several million health insurance fund members may not be sufficiently protected. A test by the "Rheinische Post" (RP) showed that unauthorized persons could query sensitive data of people insured with Barmer GEK. The fund disputes this, but the Federal Data Protection Commissioner ordered a comprehensive security check.
Intimate information is easy to obtain
According to a report in the "Rheinische Post" (RP), there is a data leak at Germany's second-largest health insurance company, Barmer GEK. According to the newspaper, by assuming a false identity, unauthorized persons can query details about diagnoses, prescribed drugs, hospital stays and other intimate information with a few phone calls and a few mouse clicks. A tester commissioned by the RP is said to have managed to get into patient data via the fund's online access.
Insurer admits a glitch
According to the report, the tester had only the name, the date of birth and the insurance number of the victim available. Barmer GEK, however, disputed that unauthorized persons could easily gain access to insurance data on the Internet. The action was "more like a simulated theft of an insurance card against which no institution can defend itself," said Barmer spokesman Athanasios Drougias. According to various media, however, the spokesman admitted a glitch in this case.
Data can also be cracked at other funds
According to RP, the cracking of the Barmer data was the fifth case within 20 months. At other insurers, too, unauthorized persons can retrieve details on medical treatment, diagnoses, prescribed medicines, hospital stays and other intimate information with a few phone calls and a few mouse clicks, according to the newspaper. Accordingly, such proof also exists for three other funds, including the AOK.
Data Protection Commissioner wants investigation
The Federal Data Protection Commissioner Andrea Voßhoff told the RP that she would "urge the Federal Insurance Office once again to investigate the issue within its jurisdiction". Furthermore, she wants to take the case as an opportunity to "protect the privacy of the funds in telephone customer contacts" in principle. The risk of third parties being able to improperly access sensitive health data must be prevented as far as possible.
Security risk should be eliminated
According to the "Rheinische Post", Barmer attributed the data leak to "human error" by employees in the call center. The fund will take action to eliminate this security risk. Barmer argued similarly in 2014, when a test by RP showed that easy access to patient data is possible. At that time the fund said it must be "a mistake of an employee who obviously did not comply with all rules for identification." Normally, "strict safety regulations" would be followed when dealing with patient data. Apparently, there is still room for improvement. (Ad)