Breach Notification , Governance & Risk Management , Incident & Breach Response
Paging System Leak Affects Thousands of Patients
Data From Communications With Paramedics Posted OnlineA recent leak of data – including HIV status and mental health information - from a paging system used by paramedics in the Australian state of Tasmania is the latest reminder of the security risks posed by the legacy systems used in the healthcare sector.
See Also: Improving Security Compliance in The Financial Industry With Data Privacy Regulations
An unidentified unauthorized actor posted on a website more than 26,000 pages of data related to calls since last November to Ambulance Tasmania, an emergency care and transport service of the Tasmania Department of Health, according to Australian news site ABC News.
ABC News reports that the public website posting the leaked ambulance communications had been taken offline and that work was underway by the Australian Cyber Security Center “to pursue shutdown should it re-emerge."
Leaked unencrypted pager messages contained patients' personal information, including age and gender, as well as health conditions, ABC News reports.
Ambulance Tasmania's paging system is currently the primary method of initial communications between the emergency agency's communications center and paramedics on the ground, ABC News reports.
The Tasmanian Health Department did not immediately respond to an Information Security Media Group request for comment and details about the incident.
Upgrade in the Works
Tasmania officials last month disclosed plans to overhaul the state’s emergency communications system.
The state government on Dec. 23 announced it had signed a $567 million contract with Australian telecommunications vendor Telstra to upgrade the state’s multiagency emergency radio communications, including the system that Ambulance Tasmania uses.
The new Tasmanian Government Radio Network, or TasGRN, will replace five radio networks with one digital, public safety-grade radio network to be delivered by Telstra and supported by Motorola Solutions, according to Jeremy Rockliff, acting Tasmania premier.
The project is slated to begin in 2021, and user organizations are expected to begin migrating over to the new network in the 2022-23 fiscal year, he adds.
“Once complete, the project will provide secure and mission-critical voice and data communications as part of the Tasmanian government’s plan to keep Tasmanians safe,” Rockliff says.
Other Incidents
Last summer, medical information on thousands of patients - including COVID-19 patients – in Western Australia was leaked onto a website allegedly set up by a teenager (see: 9News./p>
Tech Laggards?
While the use of pagers in healthcare might seem outdated and rare, many large healthcare institutions across the globe are still using the communication technology or are phasing it out.
In early 2019, the United Kingdom's National Health Service ordered the removal of pagers for non-emergency communications by the end of 2021.
"Staff will instead use modern alternatives, such as mobile phones and apps. These can deliver more accurate two-way communications at a reduced cost," the NHS said.