A Security Analysis of the Dutch EPD system

These pages contain information about the security architecture and vulnerabilities found in the Dutch electronic patient record system (EPD). To our knowledge, this is the first independent security analysis of the Dutch Electronic Patient Dossier.

A detailed technical description of the EPD system's architecture and the security analysis is given in Technical Report UVA-SNE-2010-01.

Here is a summary of the main findings.

Some background information about the origins of this research can be found here.

I wrote a letter to the senate, which provides an introduction and an overview of the results which might be interesting for Dutch readers.

For a quick overview of the system, some background, and some results, please see this overview.

For an authoritative overview, please read the technical report and the letter to the senate.

The ministry (VWS) issued a sharp response after the findings were reported, describing the work as "unfounded." Here is my reaction to that.