NHS pagers expose medical data

Radio hobbyists can intercept sensitive data through emergency communications

NHS Trust building

An amateur radio rig intercepted real-time medical data broadcasts by pagers and ambulances in North London, and leaked the information to the internet.

The rig translated radio waves into text on a hobbyist's computer screen. The display was soon populated with details of real-time medical emergencies in the rig's region of North London. An internet-connected webcam was left pointed at the computer screen and the feed, with no password protection, was accessible online by anyone who knew where to look.

Advertisement - Article continues below

Security researcher and bug bounty hunter Daley Borda viewed the live stream from his home in Florida, and reported to TechCrunch that he could see details from 999 emergency calls, including the "name, address, and injury" of those seeking medical attention.

The hobbyist also intercepted and decoded pager messages from a nearby NHS trust.

"With some cheap, relatively basic software, it is possible for hobbyists to access these frequencies and decode the information being sent, which appears is what has occurred here," a spokesperson from the hobbyist's internet provider said.

Although pagers have become mostly obsolete, they remain an integral tool in UK hospitals. About 130,000 pagers are still implemented by the NHS, which account for roughly 10% of pagers regularly used around the world.

Advertisement
Advertisement - Article continues below

Though the one-way communication devices have long been outdated, they still supercede newer tech in a few areas. Pagers operate on low frequencies, so their radio waves travel further and through more obstacles, like a hospital's thickened walls that protect doctors against radiation.

Advertisement - Article continues below

They also work in places mobile phone signal doesn't, which helps make pagers the medical professional's preferred choice over mobiles.

The downside? "They aren't secure," said Andy Keck, an amateur radio hobbyist. In recent years, software-defined radios have allowed hobbyists to decode unencrypted pager networks with just a $20 (15.50) plug-in dongle and an antenna.

Related Resource

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

"It's just enter the command to start the application, sit back, and start decoding in real time on the screen," said Keck.

TechCrunch asked one NHS spokesperson if their trust was aware of the risk of pager message interception and decoding by amateur radio hobbyists, to which they replied: "Yes."

In fact, the susceptibility of these messages to third-party viewing is something NHS trusts agree to when signing up for their network. A representative of the UK's last remaining pager network, PageOne, said: "PageOne ensures customers are aware of the ability to intercept messages in its terms and conditions" and that encrypted services "are available if required".

Advertisement - Article continues below

Failure to protect personally identifiable and health information violates GDPR, meaning trusts that allow such information to be exposed risk steep fines under the strict data protection laws.

An NHS pager ban will go into effect at the end of 2021, but the issue of information security may not go away simply because the pagers will. However, upgrading to cell phones might alleviate some of the vulnerability of data-sensitive messages. Communicating through a smartphone offers more methods for message encryption. Because yes, there's even an app for that.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020