Medical data is being leaked by NHS pagers, and then broadcast for the world to see…

Graham Cluley
Graham Cluley
@[email protected]

Medical data is being leaked by NHS pagers, and then broadcast for the world to see...

Zack Whittaker, the security editor at TechCrunch has an extraordinary scoop today.

He reports that medical data is being broadcast unencrypted by hospitals across the UK, as ambulances are directed to respond to 999 emergency calls.

Why unencrypted? Because the information is being sent by old-fashioned pagers – a technology that you might have thought was dead and buried long ago and replaced with smartphones.

Sign up to our free newsletter.
Security news, advice, and tips.

As Whittaker explains, there are good reasons why pagers are still widely used within the National Health Service:

Pagers — or beepers — may be a relic of the past, but remain a fixture in UK hospitals.

These traditionally one-way communication devices allow anyone to send messages to one or many pagers at once by calling a dedicated phone number, often manned by an operator, which are then broadcast as radio waves over the pager network. But pagers still offer benefits where newer technologies, like cell phones, fall down. Because they work a low frequency, pager radio waves are able to travel further and deeper inside large buildings — particularly hospitals — which have thickened walls to protect others from X-rays and other radiation. Pagers also work across long distances, including in cell service dead-spots.

Although pagers encode messages before transmission, that’s a very different thing from encryption. And, apparently, all that is required to pick up and decode the messages sent via pagers is “a $20 plug-in dongle and an antenna”.

But perhaps what’s most extraordinary is how this problem of pagers leaking NHS data came to light. It wasn’t because a security researcher investigated the issue and found the sensitive data swirling around the radio spectrum. Instead, a teenager in Florida who was investigating exposed webcams broadcasting freely to the internet stumbled across a camera pointed at the screen of a radio ham in North London.

The unidentified radio enthusiast had been picking up the pager communications from a nearby NHS trust.

According to TechCrunch, the radio enthusiast was informed of the problem by his ISP and the webcam is no longer broadcasting the sensitive data to all and sundry – no password required.

But that doesn’t mean that medical and health information does not continue to be communicated via NHS pagers, unencrypted for anyone to intercept…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Medical data is being leaked by NHS pagers, and then broadcast for the world to see…”

  1. Spryte

    Pagers, like mobile phones (no matter how much you dress them up) are just different typed of radios.
    The sooner people and administrations realize that the safer we'll all be.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.