NHS pagers expose medical data

Radio hobbyists can intercept sensitive data through emergency communications

NHS Trust building

An amateur radio rig intercepted real-time medical data broadcasts by pagers and ambulances in North London, and leaked the information to the internet.

The rig translated radio waves into text on a hobbyist's computer screen. The display was soon populated with details of real-time medical emergencies in the rig's region of North London. An internet-connected webcam was left pointed at the computer screen and the feed, with no password protection, was accessible online by anyone who knew where to look.

Security researcher and bug bounty hunter Daley Borda viewed the live stream from his home in Florida, and reported to TechCrunch that he could see details from 999 emergency calls, including the "name, address, and injury" of those seeking medical attention.

The hobbyist also intercepted and decoded pager messages from a nearby NHS trust.

"With some cheap, relatively basic software, it is possible for hobbyists to access these frequencies and decode the information being sent, which appears is what has occurred here," a spokesperson from the hobbyist's internet provider said.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Although pagers have become mostly obsolete, they remain an integral tool in UK hospitals. About 130,000 pagers are still implemented by the NHS, which account for roughly 10% of pagers regularly used around the world.

Though the one-way communication devices have long been outdated, they still supercede newer tech in a few areas. Pagers operate on low frequencies, so their radio waves travel further and through more obstacles, like a hospital's thickened walls that protect doctors against radiation.

They also work in places mobile phone signal doesn't, which helps make pagers the medical professional's preferred choice over mobiles.

The downside? "They aren't secure," said Andy Keck, an amateur radio hobbyist. In recent years, software-defined radios have allowed hobbyists to decode unencrypted pager networks with just a $20 (15.50) plug-in dongle and an antenna.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"It's just enter the command to start the application, sit back, and start decoding in real time on the screen," said Keck.

Advertisement - Article continues below

TechCrunch asked one NHS spokesperson if their trust was aware of the risk of pager message interception and decoding by amateur radio hobbyists, to which they replied: "Yes."

In fact, the susceptibility of these messages to third-party viewing is something NHS trusts agree to when signing up for their network. A representative of the UK's last remaining pager network, PageOne, said: "PageOne ensures customers are aware of the ability to intercept messages in its terms and conditions" and that encrypted services "are available if required".

Failure to protect personally identifiable and health information violates GDPR, meaning trusts that allow such information to be exposed risk steep fines under the strict data protection laws.

An NHS pager ban will go into effect at the end of 2021, but the issue of information security may not go away simply because the pagers will. However, upgrading to cell phones might alleviate some of the vulnerability of data-sensitive messages. Communicating through a smartphone offers more methods for message encryption. Because yes, there's even an app for that.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/data-insights/big-data/354311/google-reveals-uks-most-searched-for-terms-in-2019
big data

Google reveals UK’s most searched for terms in 2019

11 Dec 2019