Vancouver Broadcasts Hospital Patient Data Over Unencrypted Wireless Pagers
Canadian based researchers from the "Open Privacy Research Society" recently rang the alarm on Vancouver based hospitals who have been broadcasting patient data in the clear over wireless pagers for several years. These days almost all radio enthusiasts know that with a cheap RTL-SDR, or any other radio, it is possible to receive pager signals, and decode them using a program called PDW. Pager signals are completely unencrypted, so anyone can read the messages being sent, and they often contain sensitive pager data.
Open Privacy staff disclosed their findings in 2018, but after no action was taken for over a year they took their findings to a journalist.
Encryption is available for pagers, but upgrading the network and pagers to support it can be costly. Pagers are also becoming less common in the age of mobile phones, but they are still commonly used in hospitals in some countries due to their higher reliability and range.
In the past we've seen several similar stories, such as this previous post where patient data was being exposed over the pager network in Kansas City, USA. There was also an art installation in New York called Holypager, that continuously printed out all pager messages that were received with a HackRF for gallery patrons to read.
Most of the data that can be seen is cleaning staff stuff. Occasionally you can see a persons name but really nothing more than what you could hear on a radio from the paramedics.
This is still happening in the United States, too.
I haven’t used a pager in over 20 years. I had no idea they were still in use!
Old news, pagers have been broadcasting patients medical data in the UK for decades. Even today locums are still getting it via pagers, just shows what Ofcom and data protection with their grossly overpaid housewives are good for.