NHS pagers expose medical data

Radio hobbyists can intercept sensitive data through emergency communications

NHS Trust building

An amateur radio rig intercepted real-time medical data broadcasts by pagers and ambulances in North London, and leaked the information to the internet.

The rig translated radio waves into text on a hobbyist's computer screen. The display was soon populated with details of real-time medical emergencies in the rig's region of North London. An internet-connected webcam was left pointed at the computer screen and the feed, with no password protection, was accessible online by anyone who knew where to look.

Security researcher and bug bounty hunter Daley Borda viewed the live stream from his home in Florida, and reported to TechCrunch that he could see details from 999 emergency calls, including the "name, address, and injury" of those seeking medical attention.

The hobbyist also intercepted and decoded pager messages from a nearby NHS trust.

"With some cheap, relatively basic software, it is possible for hobbyists to access these frequencies and decode the information being sent, which appears is what has occurred here," a spokesperson from the hobbyist's internet provider said.

Although pagers have become mostly obsolete, they remain an integral tool in UK hospitals. About 130,000 pagers are still implemented by the NHS, which account for roughly 10% of pagers regularly used around the world.

Though the one-way communication devices have long been outdated, they still supercede newer tech in a few areas. Pagers operate on low frequencies, so their radio waves travel further and through more obstacles, like a hospital's thickened walls that protect doctors against radiation.

They also work in places mobile phone signal doesn't, which helps make pagers the medical professional's preferred choice over mobiles.

The downside? "They aren't secure," said Andy Keck, an amateur radio hobbyist. In recent years, software-defined radios have allowed hobbyists to decode unencrypted pager networks with just a $20 (15.50) plug-in dongle and an antenna.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"It's just enter the command to start the application, sit back, and start decoding in real time on the screen," said Keck.

TechCrunch asked one NHS spokesperson if their trust was aware of the risk of pager message interception and decoding by amateur radio hobbyists, to which they replied: "Yes."

In fact, the susceptibility of these messages to third-party viewing is something NHS trusts agree to when signing up for their network. A representative of the UK's last remaining pager network, PageOne, said: "PageOne ensures customers are aware of the ability to intercept messages in its terms and conditions" and that encrypted services "are available if required".

Failure to protect personally identifiable and health information violates GDPR, meaning trusts that allow such information to be exposed risk steep fines under the strict data protection laws.

An NHS pager ban will go into effect at the end of 2021, but the issue of information security may not go away simply because the pagers will. However, upgrading to cell phones might alleviate some of the vulnerability of data-sensitive messages. Communicating through a smartphone offers more methods for message encryption. Because yes, there's even an app for that.

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020