NHS Pagers are Leaking Medical Data (Oct 30, 2019)
Daley Borda, a security researcher discovered using an amatuer radio rig, that he was able to collect real-time medical and personal data of individuals. The information was being broadcasted by hospitals and ambulances from across the U.K. Daley realized that the communications were coming from the NHS’ use of pagers for communication. They are still being commonly used in hospitals since they work on low frequencies and can travel further and deeper inside large buildings, this is beneficial for hospitals due to thick walls protecting people from harmful radiation. The problem being that the main protocols used by pagers are not encrypted and be easily viewed.
Recommendation: The exposure of Protected Health Information (PHI) and Personal Identifiable Information (PII) is of massive concern for hospitals and patients. Hospitals have been known to use outdated equipment due to budget cuts but they must ensure that all equipment being used must meet today’s security standards to avoid data exposure. For patients, they must take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.