Security Communications Encryption Medicine United Kingdom Technology

NHS Pagers Are Leaking Medical Data (techcrunch.com) 29

An anonymous reader quotes a report from TechCrunch: An amateur radio rig exposed to the internet and discovered by a security researcher was collecting real-time medical data and health information broadcast by hospitals and ambulances across U.K. towns and cities. The rig, operated out of a house in North London, was picking up radio waves from over the air and translating them into readable text. The hobbyist's computer display was filling up with messages about real-time medical emergencies from across the region. For some reason, the hobbyist had set up an internet-connected webcam pointed at the display. But because there was no password on the webcam, anyone who knew where to look could also see what was on the rig's computer display.

Daley Borda, a security researcher and bug bounty hunter, stumbled upon the exposed webcam. The live stream was grainy, and the quality of the images so poor that it was just possible to make out the text on the display. "You can see details of calls coming in -- their name, address, and injury," he told TechCrunch. TechCrunch verified his findings. Messages spilling across the screen appeared to direct nearby ambulances where to go following calls to the 999 emergency services. One message said a 98-year-old man had fallen at his home address. A few moments later, another message said a 49-year-old male was complaining of chest pains at a nearby residence. One after the other, messages were flooding in, describing accidents, incidents and medical emergencies, often including their home addresses.
"The hobbyist was picking up and decoding pager communications from a nearby regional National Health Service trust," adds TechCrunch. These devices remain a fixture in UK hospitals and "allow anyone to send messages to one or many pagers at once by calling a dedicated phone number, often manned by an operator, which are then broadcast as radio waves over the pager network."

While the NHS still uses about 130,000 pagers, according to the UK government, it's not clear how many trusts are exposing medical information -- if at all.
This discussion has been archived. No new comments can be posted.

  • If you broadcast it on a radio frequency, it's public. You cannot rely upon security through obscurity, and this demonstrates why that is.
    • In the mid 80's a radio enthusiast recorded cell phone conversations involving a Senator and let everybody know what was possible

      Congress reacted by making 'eavesdropping on cell networks' illegal

      And yet, medical professionals insist on relying on outdated tech...

      • by Strider- ( 39683 )

        Not quite true. You're allowed to listen, but you're not allowed to reveal what was said. However, they required all amateur radio equipment type-approved after that time to have interlocks to prevent it from receiving on the cellular bands in use at the time.

      • Yeah, as a medical professional, I rather prefer outdated tech for communication. It's reliable, mostly, and we know the weak spots in it. Don't blame us if it's unencrypted; blame the people who set the system up to be that way. Cell-dependent systems that generally use proprietary apps (you could do it with any number of apps, but the hospital always seems to settle on something proprietary) are the alternative. I can't rely on the cellular network, because it doesn't work in the basement of a giant reinf
        • My local 911 system is encrypted and supplies adequate service

          YOU (as a doctor) are the primary customer for these systems and if the primary customers do not demand a feature, it is not going to be provided

          Quit being mentally lazy

    • Some radio frequencies can use encryption... and in the USA hacking a key is a crime.

  • ...they want their pager back

    fyi, I'm pretty sure there is an app to replace this functionality

    • by Strider- ( 39683 )

      The issue is that pagers are often still more reliable than smart phones. The batteries last longer, the transmit signal is stronger, and generally on a lower frequency (UHF or VHF is common) that better penetrates through large buildings, which hospitals tend to be.

      • M'kay, if they own the spectrum (which provides better reception), then why do they NOT improve their products to include encryption?

      • by EvilSS ( 557649 )

        The issue is that pagers are often still more reliable than smart phones. The batteries last longer, the transmit signal is stronger, and generally on a lower frequency (UHF or VHF is common) that better penetrates through large buildings, which hospitals tend to be.

        I used to carry one for on-call work in the mid '00s and they were annoyingly good at reaching places cell phones just can't penetrate. There was no hiding from it unless you were way out in the boonies. I remember once getting a page when I was in my car on the bottom level of 4 floor underground parking garage. I had to get topside before I could call back on my cell.

        We switched to using AA Energizer lithium batteries when they came out and they would last a good 6 months or more on a single battery.

      • Not just that, but the pager network still works when the cellular network has been punched in the nuts by excessive use, such as during a widespread emergency.

      • The issue is that pagers are often still more reliable than smart phones.

        No they are not. A phone acknowledges the message and it is re-broadcast until it is received. It also can use diverse transports (if you are using IM instead of SMS) - the message will arrive over WiFi, Cell, RFC1149 or whatever other network is in use.

        A pager does not. If it has not picked up the message after it has been rebroadcast N times (network dependent) because you are sitting in a bar which is in a cellar you lose it.

        I am tempted to say that this is a classic case of a gigantic organization w

        • by jabuzz ( 182671 )

          It won't help receiving the message if the phone has no reception. The towers can keep retransmitting the message till the heat death of the universe and it won't help. On the other hand the pager system has coverage in places the phone system does not due to the laws of physics. The notion is that the pager system is more reliable because it can actually pick up the messages in more places than the phone.

  • It's great for checking out hospitals you should go to and which ones you shouldn't go to. If I had a dollar for every sepsis alert, I'd be rich. It's no wonder these idiots are the 3rd leading cause of death in the US.
  • “Last night we contacted the customer to make them aware that there was a live webcam broadcasting on the open web from their household,” said a spokesperson from the internet provider. “The customer was unaware of the nature of the information being shown so has said that they will stop the feed on that particular camera.”

    ..
    Bullshit.......they knew exactly what they were doing.......probably scared the crap out of them that someone was able to track their ass down....

    • If the person in question had the radio equipment and technical prowess to decode this information, do you not also think they were capable of securing a webcam?

      I choose to believe the lack of password was deliberate. From a deniability standpoint, this decouples the interception and consumption of the content. The radio operator was maybe selling the info to local B&E crooks.
      • He was certainly selling it or donating it to someone for nefarious purposes, that much is certain to me. This textbook case of plausible deniability is just too obviously convenient.

  • This came up recently; not visible on the web, but certainly broadcast across a huge metro area:
    https://www.openprivacy.ca/wor... [openprivacy.ca]

    • Wow, that's a clusterfsck. Also, refusing to notify patients would be a HIPAA violation here.

  • There's nothing in the pictures or provided facts which indicate this is a ham (amateur radio operator). You don't need a license to receive.
    • by Ozoner ( 1406169 )

      What idiot wrote this?

      This has no connection to Amateur radio.

      The receiver is monitoring commercial two-way frequencies (not Ham radio bands), and there is no indication that the owner is a Ham, or is rebroadcasting the information on the Ham bands.

  • From the appearance of the message decode, this is just someone tuned into the broadcasts from the pageone network. This is the only remaining commercial nationwide radio pager network in the UK. It is relatively little used, but as an old protocol it is one of the first things which people try to decode. In fact, when I purchased a $10 USB SDR, decoding pager transmissions was one of the first projects I attempted. After only a few hours, having never done any DSP programming before, I had a working decode
  • I have a radio that does that too. It's called a "scanner". Had it about 20 years now.
  • I can watch patient transfers between hospital rooms. Pagers are not secure. The messages are broadcast to every pager in a geographic region. The pagers themselves filter out the messages that are not meant for them. If you can listen to the pager frequencies you can see every message. You can also forge messages if you can transmit. No authentication either. So no privacy, no authentication and it gets worse. The protocol fails to correct bit errors in about 4% of messages. This is because the pr
  • There's a beeper service operating out of north Georgia that sends out HIPAA data in the clear on beeper frequencies. It's pretty easy to decode using RTL-SDR and the appropriate software.
