Zack Whittaker, the security editor at TechCrunch has an extraordinary scoop today.
He reports that medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.
Why unencrypted? Because the information is being sent by old-fashioned pagers – a technology that you might have thought was dead and buried long ago and replaced with smartphones.
As Whittaker explains, there are good reasons why pagers are still widely used within the National Health Service:
Pagers — or beepers — may be a relic of the past, but remain a fixture in UK hospitals.
These traditionally one-way communication devices allow anyone to send messages to one or many pagers at once by calling a dedicated phone number, often manned by an operator, which are then broadcast as radio waves over the pager network. But pagers still offer benefits where newer technologies, like cell phones, fall down. Because they work a low frequency, pager radio waves are able to travel further and deeper inside large buildings — particularly hospitals — which have thickened walls to protect others from X-rays and other radiation. Pagers also work across long distances, including in cell service dead-spots.
Although pagers encode messages before transmission, that’s a very different thing from encryption. And, apparently, all that is required to pick up and decode the messages sent via pagers is “a $20 plug-in dongle and an antenna”.
But perhaps what’s most extraordinary is how this problem of pagers leaking NHS data came to light. It wasn’t because a security researcher investigated the issue and found the sensitive ..
Support the originator by clicking the read the rest link below.
