-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

RFC 2350 

Version: 1.8
Date: Thurs, 13 Mar 2025 15:00:00 CEST

Author: Martin Habermayer (kontakt@a-healthcert.at)

1. Document information

This document contains a description of Austrian HealthCERT according to RFC 2350. 
It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered.

1.1 Date of last update
Thurs, 13 Mar 2025 15:00:00 CEST

1.2 Distribution list for notifications
There are no lists defined for notifications about updates to this document.

1.3 Locations where this document may be found

The current version of this document can always be found at: 
https://a-healthcert.at/wp-content/uploads/2025/03/rfc2350_austrian_health_cert_v1-8.txt

For validation purposes, a PGP signed ASCII version of this document is located: 
https://a-healthcert.at/wp-content/uploads/2025/03/rfc2350_austrian_health_cert_v1-8.txt.asc

The key used for signing is the AHC key as listed under 2.8.

2. Contact information

2.1 Name of the team
Austrian HealthCERT (AHC)

2.2 Address

Austrian HealthCERT
Agentur für Gesundheit und Ernährungssicherheit GmbH
Spargelfeldstraße 191
1220 Vienna
Austria
https://a-healthcert.at

2.3 Time zone
We are located in the central European timezone (CET) which is GMT+0100 (+0200 during day-light saving time).

2.4 Telephone number
+43 (0) 720 704328

2.6 Other telecommunication
- -

2.7 Electronic mail address
kontakt@a-healthcert.at 

2.8 Public keys and encryption information


2.8.1 PGP


AHC uses a master signing key to sign all keys used for operational purposes.

This trust anchor is: 

pub   rsa4096/1F5A075D5F970551 2024-02-13 [SC] [verfällt: 2029-02-11]
  Schl.-Fingerabdruck = DE7D 8EAC 0B20 39A1 0BB2  5ABF 1F5A 075D 5F97 0551
uid                            health-cert.at Master Key <only-signing-no-mail@health-cert.at>
uid                            a-healthcert.at Master Key <only-signing-no-mail@a-healthcert.at>
sub   rsa4096/6C660E29CD5AE181 2024-02-13 [E] [verfällt: 2029-02-11]

https://a-healthcert.at/wp-content/uploads/2025/03/masterkey_0x5F970551_public.key

Please DO NOT use this key for communications with us. 

All official communication by AHC will be signed by the current team key, which is as of February 2024:
https://a-healthcert.at/wp-content/uploads/2025/03/teamkey_0xE0F2A853_public.key

Encrypted communications with AHC should use this - and only this - operational key.

pub   rsa4096/CB934678E0F2A853 2025-03-13 [SC] [verfällt: 2026-04-07]
  Schl.-Fingerabdruck = 402B 5792 0E42 2A9B B9BC  D3FE CB93 4678 E0F2 A853
      Widerrufbar durch: DE7D8EAC0B2039A10BB25ABF1F5A075D5F970551
uid                            a-healthcert.at (General Communication) <kontakt@a-healthcert.at>
uid                            a-healthcert.at <reports@a-healthcert.at>
uid                            health-cert.at (General Communication) <kontakt@health-cert.at>
uid                            health-cert.at <reports@health-cert.at>
sub   rsa4096/5DF3577906F809E3 2025-03-13 [E] [verfällt: 2026-04-07]

Since the team key and the master signing key expire regularly, AHC will always sign younger master signing keys with the older master signing keys as well. 
The current master signing key always signs the team key.

2.8.2 S/MIME

Email kontakt@a-healthcert.at, reports@a-healthcert.at
Subject CN=Österr. Agentur für Gesundheit und Ernährungssicherheit GmbH, EMAILADDRESS=kontakt@a-healthcert.at, OID.2.5.4.97=NTRAT-FN 223056z, O=Österr. Agentur für Gesundheit und Ernährungssicherheit GmbH, ST=Wien, C=AT
Not Before Jun 25, 2024
Not After Jun 25, 2025
Subject Key Identifier 65A211CDA7C0FC9EE4538E01B6728982B705AD6D
Thumbprint (SHA-512) F6143B19F9F4F0BF9B9C20D58D6207B0882EECB934C103F5155E6831D0DEE358087607365A2436F5DCCF0FD409DADD035F55D640DA1C5E5F58F21DC613701B6F
Signature Algorithm SHA384WITHRSA
Public Key Length 4096
Public Key Algorithm RSA


2.9 Team members

The team lead of AHC is Markus Hoffmann.

2.10 Other information

- -

2.11 Points of customer contact
The preferred method for contacting Austrian HealthCERT is via e-mail: kontakt@a-healthcert.at.  

In order for reports to fall under the procedures of the NIS law, they should be submitted via 
https://meldeportal.a-healthcert.at (for other reports, please use e-mail). 
If https://meldeportal.a-healthcert.at is not accessable, operators of essential services can also contact the 24x7 hotline via phone.

Austrian HealthCERT hours of operation are generally restricted to local regular business hours: 
Mon-Fri (except public holidays and Dec 24th/31st), 9 a.m. - 17 p.m. CET/CEST. 

Mandatory NIS reports by an authenticated operators of essential services can trigger a 24x7 response from AHC.


3. Charter

3.1 Mission statement
The purpose of Austrian HealthCERT (AHC) is to coordinate cybersecurity efforts for the health sector in Austria.

3.2 Constituency
The constituency of the AHC is defined by §8a Gesundheitstelematikgesetz and by §14 NIS law. The constituents are therefore the operators of essential services in the healthcare sector.

Please refer to the Austrian legal information system (RIS) for details of the aforementioned laws:
https://ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=20008120
https://ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=20010536 

Note that usually no direct support will be given to end users; they are expected to contact their ISP, 
system administrator, network administrator or department head for assistance. 

3.3 Sponsorship and/or affiliation
AHC is an initiative of the Cybersecurity Committee for eHealth (CSAeH). Funding members are: 
•	Austrian Federal Ministry of Social Affairs, Health, Care and Consumer Protection
•	eHealth executives of the federal states
•	eHealth executives of the Austrian Social Insurance

3.4 Authority
The main purpose of AHC in incident handling is the coordination of incident response. 
As such, we can only advise our constituency and have no authority to demand certain actions. 


4. Policies

4.1 Types of incidents and level of support

AHC addresses all types of cybersecurity incidents, which occur or threaten to occur in our 
constituency (see 3.2) and which require cross-organizational coordination.
The level of support given by AHC will vary depending on the type and severity of the incident or issue,
the type of constituent, the size of the user community affected, and our resources at the time. 

AHC is committed to keeping its constituency informed of potential vulnerabilities and,
where possible, will inform this community of such vulnerabilities before they are actively exploited.

Overall, the primary role of AHC during incidents is information exchange and coordination, and not on-site incident response.

4.2 Co-operation, interaction and disclosure of information

AHC will cooperate with other organizations in the field of cybersecurity. 
This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. 
Nevertheless, AHC will protect the privacy of reporters, partners and our constituents, and therefore (under normal circumstances) 
pass on information in an anonymized way only unless other contractual agreements or laws apply. AHC operates under the restrictions imposed by Austrian law.
This involves careful handling of personal data as required by Austrian Data Protection law,
but it is also possible that - according to Austrian law - AHC may be forced to disclose information due to a court order.

AHC treats all submitted information as confidential per default, and will only forward it to concerned parties in order to resolve specific incidents when consent is implicit or expressly given.

For example: incoming report "Malware on www.example.com/malware, please get it cleaned up". In this case, we would forward the information only to the concerned parties (domain-holder, hoster/ISP, appropriate CERTs) to help them quickly fix the problem. We will not forward information about incidents to government authorities or the press without explicit prior permission by the submitting party.

4.3 Communication and authentication
For normal communication, not containing sensitive information, AHC might use conventional methods like unencrypted e-mail. 
For secure communication PGP-encrypted e-mail or telephone will be used. 
If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, CNW) 
or by other methods like call-back, mail-back or even face-to-face meeting if necessary.

5. Services

5.1 Incident response
AHC will assist cybersecurity teams in handling the technical and organizational aspects of incidents. 

In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1. Incident triage
•	determining whether an incident is authentic
•	assessing and prioritizing the incident

5.1.2. Incident coordination
•	determining the involved organizations
•	contacting the involved organizations to investigate the incident and take the appropriate steps
•	hosting coordination meetings or briefings
•	facilitating contact to other parties which can help resolve the incident
•	sending reports to other CERT

We mainly see ourselves as information hub which knows where to send the right incident reports 
to in order to help and facilitate the clean-up of cybersecurity incidents.

5.1.3. Incident resolution
•	advising local cybersecurity teams on appropriate actions along our contingencies
•	following up on the progress of the concerned local cybersecurity teams
•	asking for reports
•	reporting back
AHC will also collect statistics about incidents within its constituency.



5.2 Proactive activities
AHC tries to
•	raise security awareness in its constituency
•	collect contact information of local cybersecurity teams
•	publish announcements concerning serious security threats relating to the health sector
•	observe current trends in technology
•	distribute relevant knowledge to the constituency
•	provide forums for community building and information exchange within the constituency

5.3 Service levels
AHC will always strive to react to incoming incident reports from humans within one business day. 
Due to current staffing levels this cannot be guaranteed, though. 
If you haven't received feedback to an incident report after two business days, we ask that you contact us again. 
Auto-generated reports and data-feeds will be handled as automatically as possible.
 
6. Incident reporting forms
For reports within the NIS framework, use the portal at https://meldeportal.a-healthcert.at/.
For other reports use kontakt@a-healthcert.at under consideration of encryption (2.8 and 4.3).


7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts,
AHC assumes no responsibility for errors, omissions or for damages resulting from the use of the information contained within.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQCtXkg5CKpu5vNP+y5NGeODyqFMFAmfS7ZAACgkQy5NGeODy
qFM+RRAApb909VVtrOLN+i1VdcnhyikqHlk9t6tvOHCONh78Jk81Da/zZoCknBaN
R9HypQ+psVSfwJQ21xI+biEEuf3R9Au+9BH5QJRnCP2sSD3SDYfZ93X2ssb+OVbb
9SDwbMnGs727jQQZiSBhLjkPgtGLx1rq9onmFgyd5NK0srjskOq1FEeyvrxmxm0I
C3hwCvmvsvBjO8usanUK1veG4WPMwGmTDynx0mtGS1SWumozq31p5NNksdYOCJ3f
rqcdjneHRCItQpow69KiLyz0NnqQSDh1ZAB+OcSQtJCUXvGSo+43Uypkpl8EFxJl
K0ivRLzgbpqaLIm5R8Mb3SjdhJm4wdNU6uLWhlNG0d3nr6xxrOdiIxFnSg0h4WSF
Wy4CuzYKlhp0YPJGQfpNXYrxgECSUq1Y9OVJw2FADfPvOpZpCtuFmerO+Fwilcp7
tLaTFGr9CD2kjGtITJ9oVskRhJ/ztRVfAKWkho7MCgGvXcYDY7/m9AbEpCukgTOX
MCiui86sCFXI0EKfcfJBXpYHZjsk0Ra2aGR8yp3imv9gLXRSbm/bxyIA3mtRt4QI
jxh2LEtlxVGhVkJ+1WWDI7ZS9iU38IxlyWaphrmp4kVscmwENwKdi2FifVdxHRHU
e5hR/aJcmX69sIUVuzr17lE3bVbeAR87HKN60bCdis80OZF1Wz0=
=av6g
-----END PGP SIGNATURE-----