IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NHS pagers expose medical data

Radio hobbyists can intercept sensitive data through emergency communications

An amateur radio rig intercepted real-time medical data broadcasts by pagers and ambulances in North London, and leaked the information to the internet.

The rig translated radio waves into text on a hobbyist's computer screen. The display was soon populated with details of real-time medical emergencies in the rig's region of North London. An internet-connected webcam was left pointed at the computer screen and the feed, with no password protection, was accessible online by anyone who knew where to look.

Security researcher and bug bounty hunter Daley Borda viewed the live stream from his home in Florida, and reported to TechCrunch that he could see details from 999 emergency calls, including the "name, address, and injury" of those seeking medical attention.

The hobbyist also intercepted and decoded pager messages from a nearby NHS trust.

"With some cheap, relatively basic software, it is possible for hobbyists to access these frequencies and decode the information being sent, which appears is what has occurred here," a spokesperson from the hobbyist's internet provider said.

Although pagers have become mostly obsolete, they remain an integral tool in UK hospitals. About 130,000 pagers are still implemented by the NHS, which account for roughly 10% of pagers regularly used around the world.

Though the one-way communication devices have long been outdated, they still supercede newer tech in a few areas. Pagers operate on low frequencies, so their radio waves travel further and through more obstacles, like a hospital's thickened walls that protect doctors against radiation.

They also work in places mobile phone signal doesn't, which helps make pagers the medical professional's preferred choice over mobiles.

The downside? "They aren't secure," said Andy Keck, an amateur radio hobbyist. In recent years, software-defined radios have allowed hobbyists to decode unencrypted pager networks with just a $20 (15.50) plug-in dongle and an antenna.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"It's just enter the command to start the application, sit back, and start decoding in real time on the screen," said Keck.

TechCrunch asked one NHS spokesperson if their trust was aware of the risk of pager message interception and decoding by amateur radio hobbyists, to which they replied: "Yes."

In fact, the susceptibility of these messages to third-party viewing is something NHS trusts agree to when signing up for their network. A representative of the UK's last remaining pager network, PageOne, said: "PageOne ensures customers are aware of the ability to intercept messages in its terms and conditions" and that encrypted services "are available if required".

Failure to protect personally identifiable and health information violates GDPR, meaning trusts that allow such information to be exposed risk steep fines under the strict data protection laws.

An NHS pager ban will go into effect at the end of 2021, but the issue of information security may not go away simply because the pagers will. However, upgrading to cell phones might alleviate some of the vulnerability of data-sensitive messages. Communicating through a smartphone offers more methods for message encryption. Because yes, there's even an app for that.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022