Just Trying to Get TV Channels on His Laptop, He Found Unencrypted Patient Data from Pagers
July 5, 2018 | Risk Management News
Hospitals across the country may be exposing patient data every time they page one of their doctors, according to a June 22, 2018, article in the Kansas City Star. Some hospitals have moved to secure, encrypted pager systems, the article said, but others are sending information that could include patient names, birthdays, and diagnoses through open networks. These open transmissions can be intercepted using free software and a $30 antenna, often used by radio hobbyists, the author said. The issue was brought to the Star's attention by an information technology (IT) worker, who "stumbled across hospital pager information" while using an antenna he had purchased to get television channels on his laptop. Instead of seeing television shows, he started seeing information with patient and doctor names and medical diagnoses such as "TONSILAR BLEED, ANEMIA, THROMBOCYTOPENIA." The IT worker said he was surprised to see hospitals still using pagers and to see pagers being used to send unprotected patient data. The man stumbled upon the information by accident, but said he wanted to bring attention to the fact that this information would be easy for a criminal to find. A cybersecurity adviser at the American Hospital Association said all hospitals should change to "secure, encrypted pager systems."