Test runs with Germany’s first-generation electronic health cards and doctors’ “health professional cards” have suffered a serious setback. After the failure of a hardware security module HSM holding the private keys for the root Certificate Authority root CA for the first-generation cards, it emerged that the data had not been backed up. Consequently, if additional new cards are required for field testing, all of the cards previously produced for the tests will have to be replaced, because a new root CA will have to be generated.
Backups?Â We don’t need no steenkeen’ backups! I can understand running with scissors in a test environment.Â Things are in flux at times, you’re making changes to the running configs trying different scenarious.Â But come on:Â not making backups of your key infrastructure when you’ve gotten to the test and QA phases?Â This stuff should have already been sorted out at this stage.Â Makes me wonder what other architectural issues there would have been with this setup once it went into full production.Â I’d love to see what their disaster recovery/business continuity plan was.