-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 RFC 2350 Version: 1.8 Date: Thurs, 13 Mar 2025 15:00:00 CEST Author: Martin Habermayer (kontakt@a-healthcert.at) 1. Document information This document contains a description of Austrian HealthCERT according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered. 1.1 Date of last update Thurs, 13 Mar 2025 15:00:00 CEST 1.2 Distribution list for notifications There are no lists defined for notifications about updates to this document. 1.3 Locations where this document may be found The current version of this document can always be found at: https://a-healthcert.at/wp-content/uploads/2025/03/rfc2350_austrian_health_cert_v1-8.txt For validation purposes, a PGP signed ASCII version of this document is located: https://a-healthcert.at/wp-content/uploads/2025/03/rfc2350_austrian_health_cert_v1-8.txt.asc The key used for signing is the AHC key as listed under 2.8. 2. Contact information 2.1 Name of the team Austrian HealthCERT (AHC) 2.2 Address Austrian HealthCERT Agentur für Gesundheit und Ernährungssicherheit GmbH Spargelfeldstraße 191 1220 Vienna Austria https://a-healthcert.at 2.3 Time zone We are located in the central European timezone (CET) which is GMT+0100 (+0200 during day-light saving time). 2.4 Telephone number +43 (0) 720 704328 2.6 Other telecommunication - - 2.7 Electronic mail address kontakt@a-healthcert.at 2.8 Public keys and encryption information 2.8.1 PGP AHC uses a master signing key to sign all keys used for operational purposes. This trust anchor is: pub rsa4096/1F5A075D5F970551 2024-02-13 [SC] [verfällt: 2029-02-11] Schl.-Fingerabdruck = DE7D 8EAC 0B20 39A1 0BB2 5ABF 1F5A 075D 5F97 0551 uid health-cert.at Master Key uid a-healthcert.at Master Key sub rsa4096/6C660E29CD5AE181 2024-02-13 [E] [verfällt: 2029-02-11] https://a-healthcert.at/wp-content/uploads/2025/03/masterkey_0x5F970551_public.key Please DO NOT use this key for communications with us. All official communication by AHC will be signed by the current team key, which is as of February 2024: https://a-healthcert.at/wp-content/uploads/2025/03/teamkey_0xE0F2A853_public.key Encrypted communications with AHC should use this - and only this - operational key. pub rsa4096/CB934678E0F2A853 2025-03-13 [SC] [verfällt: 2026-04-07] Schl.-Fingerabdruck = 402B 5792 0E42 2A9B B9BC D3FE CB93 4678 E0F2 A853 Widerrufbar durch: DE7D8EAC0B2039A10BB25ABF1F5A075D5F970551 uid a-healthcert.at (General Communication) uid a-healthcert.at uid health-cert.at (General Communication) uid health-cert.at sub rsa4096/5DF3577906F809E3 2025-03-13 [E] [verfällt: 2026-04-07] Since the team key and the master signing key expire regularly, AHC will always sign younger master signing keys with the older master signing keys as well. The current master signing key always signs the team key. 2.8.2 S/MIME Email kontakt@a-healthcert.at, reports@a-healthcert.at Subject CN=Österr. Agentur für Gesundheit und Ernährungssicherheit GmbH, EMAILADDRESS=kontakt@a-healthcert.at, OID.2.5.4.97=NTRAT-FN 223056z, O=Österr. Agentur für Gesundheit und Ernährungssicherheit GmbH, ST=Wien, C=AT Not Before Jun 25, 2024 Not After Jun 25, 2025 Subject Key Identifier 65A211CDA7C0FC9EE4538E01B6728982B705AD6D Thumbprint (SHA-512) F6143B19F9F4F0BF9B9C20D58D6207B0882EECB934C103F5155E6831D0DEE358087607365A2436F5DCCF0FD409DADD035F55D640DA1C5E5F58F21DC613701B6F Signature Algorithm SHA384WITHRSA Public Key Length 4096 Public Key Algorithm RSA 2.9 Team members The team lead of AHC is Markus Hoffmann. 2.10 Other information - - 2.11 Points of customer contact The preferred method for contacting Austrian HealthCERT is via e-mail: kontakt@a-healthcert.at. In order for reports to fall under the procedures of the NIS law, they should be submitted via https://meldeportal.a-healthcert.at (for other reports, please use e-mail). If https://meldeportal.a-healthcert.at is not accessable, operators of essential services can also contact the 24x7 hotline via phone. Austrian HealthCERT hours of operation are generally restricted to local regular business hours: Mon-Fri (except public holidays and Dec 24th/31st), 9 a.m. - 17 p.m. CET/CEST. Mandatory NIS reports by an authenticated operators of essential services can trigger a 24x7 response from AHC. 3. Charter 3.1 Mission statement The purpose of Austrian HealthCERT (AHC) is to coordinate cybersecurity efforts for the health sector in Austria. 3.2 Constituency The constituency of the AHC is defined by §8a Gesundheitstelematikgesetz and by §14 NIS law. The constituents are therefore the operators of essential services in the healthcare sector. Please refer to the Austrian legal information system (RIS) for details of the aforementioned laws: https://ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=20008120 https://ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=20010536 Note that usually no direct support will be given to end users; they are expected to contact their ISP, system administrator, network administrator or department head for assistance. 3.3 Sponsorship and/or affiliation AHC is an initiative of the Cybersecurity Committee for eHealth (CSAeH). Funding members are: • Austrian Federal Ministry of Social Affairs, Health, Care and Consumer Protection • eHealth executives of the federal states • eHealth executives of the Austrian Social Insurance 3.4 Authority The main purpose of AHC in incident handling is the coordination of incident response. As such, we can only advise our constituency and have no authority to demand certain actions. 4. Policies 4.1 Types of incidents and level of support AHC addresses all types of cybersecurity incidents, which occur or threaten to occur in our constituency (see 3.2) and which require cross-organizational coordination. The level of support given by AHC will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and our resources at the time. AHC is committed to keeping its constituency informed of potential vulnerabilities and, where possible, will inform this community of such vulnerabilities before they are actively exploited. Overall, the primary role of AHC during incidents is information exchange and coordination, and not on-site incident response. 4.2 Co-operation, interaction and disclosure of information AHC will cooperate with other organizations in the field of cybersecurity. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless, AHC will protect the privacy of reporters, partners and our constituents, and therefore (under normal circumstances) pass on information in an anonymized way only unless other contractual agreements or laws apply. AHC operates under the restrictions imposed by Austrian law. This involves careful handling of personal data as required by Austrian Data Protection law, but it is also possible that - according to Austrian law - AHC may be forced to disclose information due to a court order. AHC treats all submitted information as confidential per default, and will only forward it to concerned parties in order to resolve specific incidents when consent is implicit or expressly given. For example: incoming report "Malware on www.example.com/malware, please get it cleaned up". In this case, we would forward the information only to the concerned parties (domain-holder, hoster/ISP, appropriate CERTs) to help them quickly fix the problem. We will not forward information about incidents to government authorities or the press without explicit prior permission by the submitting party. 4.3 Communication and authentication For normal communication, not containing sensitive information, AHC might use conventional methods like unencrypted e-mail. For secure communication PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, CNW) or by other methods like call-back, mail-back or even face-to-face meeting if necessary. 5. Services 5.1 Incident response AHC will assist cybersecurity teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management: 5.1.1. Incident triage • determining whether an incident is authentic • assessing and prioritizing the incident 5.1.2. Incident coordination • determining the involved organizations • contacting the involved organizations to investigate the incident and take the appropriate steps • hosting coordination meetings or briefings • facilitating contact to other parties which can help resolve the incident • sending reports to other CERT We mainly see ourselves as information hub which knows where to send the right incident reports to in order to help and facilitate the clean-up of cybersecurity incidents. 5.1.3. Incident resolution • advising local cybersecurity teams on appropriate actions along our contingencies • following up on the progress of the concerned local cybersecurity teams • asking for reports • reporting back AHC will also collect statistics about incidents within its constituency. 5.2 Proactive activities AHC tries to • raise security awareness in its constituency • collect contact information of local cybersecurity teams • publish announcements concerning serious security threats relating to the health sector • observe current trends in technology • distribute relevant knowledge to the constituency • provide forums for community building and information exchange within the constituency 5.3 Service levels AHC will always strive to react to incoming incident reports from humans within one business day. Due to current staffing levels this cannot be guaranteed, though. If you haven't received feedback to an incident report after two business days, we ask that you contact us again. Auto-generated reports and data-feeds will be handled as automatically as possible. 6. Incident reporting forms For reports within the NIS framework, use the portal at https://meldeportal.a-healthcert.at/. For other reports use kontakt@a-healthcert.at under consideration of encryption (2.8 and 4.3). 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, AHC assumes no responsibility for errors, omissions or for damages resulting from the use of the information contained within. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQCtXkg5CKpu5vNP+y5NGeODyqFMFAmfS7ZAACgkQy5NGeODy qFM+RRAApb909VVtrOLN+i1VdcnhyikqHlk9t6tvOHCONh78Jk81Da/zZoCknBaN R9HypQ+psVSfwJQ21xI+biEEuf3R9Au+9BH5QJRnCP2sSD3SDYfZ93X2ssb+OVbb 9SDwbMnGs727jQQZiSBhLjkPgtGLx1rq9onmFgyd5NK0srjskOq1FEeyvrxmxm0I C3hwCvmvsvBjO8usanUK1veG4WPMwGmTDynx0mtGS1SWumozq31p5NNksdYOCJ3f rqcdjneHRCItQpow69KiLyz0NnqQSDh1ZAB+OcSQtJCUXvGSo+43Uypkpl8EFxJl K0ivRLzgbpqaLIm5R8Mb3SjdhJm4wdNU6uLWhlNG0d3nr6xxrOdiIxFnSg0h4WSF Wy4CuzYKlhp0YPJGQfpNXYrxgECSUq1Y9OVJw2FADfPvOpZpCtuFmerO+Fwilcp7 tLaTFGr9CD2kjGtITJ9oVskRhJ/ztRVfAKWkho7MCgGvXcYDY7/m9AbEpCukgTOX MCiui86sCFXI0EKfcfJBXpYHZjsk0Ra2aGR8yp3imv9gLXRSbm/bxyIA3mtRt4QI jxh2LEtlxVGhVkJ+1WWDI7ZS9iU38IxlyWaphrmp4kVscmwENwKdi2FifVdxHRHU e5hR/aJcmX69sIUVuzr17lE3bVbeAR87HKN60bCdis80OZF1Wz0= =av6g -----END PGP SIGNATURE-----