Why Are Medisign eHBA Cards Being Recalled in 2026 — and What Should Healthcare Professionals Do Now?

What Is the eHBA ECC Migration Problem and How Does It Affect Your Medical Practice in Germany?

Medisign Is Recalling Newly Issued eHBA Cards — Here Is What You Need to Know

If you received a new electronic healthcare professional ID card (eHBA) from medisign at the start of 2026, pay close attention: those cards are being recalled. The reason is a technical misconfiguration introduced during production — not a security breach, but a flaw that can disrupt your daily practice operations.

Why eHBA Cards Had to Change in the First Place

The transition stems from a well-established security concern. For years, Germany’s telematics infrastructure (TI) — the secure digital network connecting medical practices, hospitals, and health insurers — relied on RSA2048 encryption to protect communications.

RSA encryption is asymmetric, meaning it uses separate keys for encryption and signing. The fundamental weakness of basic RSA is that its deterministic nature makes it possible, in theory, for attackers to predict or reconstruct key material over time. Because of this, the Federal Office for Information Security (BSI) formally prohibited RSA2048 use within the TI sector, effective January 1, 2026.

The replacement standard is ECC — Elliptic Curve Cryptography. ECC provides equivalent or stronger security with shorter key lengths, making it faster and more resistant to the weaknesses that affect RSA. All TI components, including connectors, card terminals, and healthcare professional ID cards, were required to migrate to ECC by this deadline.

The Migration Did Not Go Smoothly

By mid-2025, it became clear that the full migration across German medical practices could not realistically be completed on time. Statutory health insurance associations requested a grace period, which was reportedly extended to mid-2026. Medisign itself had already been dealing with a separate interface issue — the connection between its systems and state medical chambers (Ärztekammern) was broken, preventing pre-filled renewal applications from being submitted or processed.

That alone was a significant operational setback. What followed made the situation considerably worse.

What Went Wrong With the New ECC Cards

Medisign issued new eHBA cards at the start of 2026 configured under the “ECC-only” standard. However, a technical analysis identified a misconfiguration during the card personalization process.

Specifically, the RSA key — which should be fully deactivated when a card is issued under ECC-only operation — was left active on the affected cards. While this does not create a direct security vulnerability, it creates a serious interoperability problem: the card can produce an invalid signature without certificates, which means it may fail to function correctly when connecting to TI connectors in your practice.

Gematik, Germany’s digital health regulatory authority, identified the problem and instructed medisign to act.

What Medisign Is Doing Right Now

Medisign is contacting affected cardholders directly. The company is producing replacement cards and shipping them to all holders of affected eHBAs — those issued from the beginning of 2026 onward under the ECC-only configuration.

The process works as follows:

  1. You receive the new replacement card from medisign
  2. You activate the new card and put it into operation
  3. Once activated, your old card is automatically deactivated by medisign

No action is required before you receive the replacement card. You do not need to send your current card back first.

What This Means for Your Practice

From an operational standpoint, the immediate risk is connector incompatibility — your TI connector may reject signatures from the misconfigured card, interrupting workflows such as electronic prescriptions, digital patient file access, or secure messaging.

If you are experiencing unexplained connector errors or signature failures with a recently issued medisign eHBA, this misconfiguration is the most likely cause. Contact medisign directly through their customer portal to verify whether your card is among the affected batch.

The broader picture here is that Germany’s TI migration to ECC has been marked by compressed timelines, infrastructure dependencies, and coordination challenges across dozens of providers and thousands of practices. This recall is one visible consequence of that pressure. As a cardholder, the most practical step right now is to monitor communications from medisign and activate your replacement card promptly once it arrives.