Breach Notification , Governance & Risk Management , Incident & Breach Response

Paging System Leak Affects Thousands of Patients

Data From Communications With Paramedics Posted Online
Paging System Leak Affects Thousands of Patients

A recent leak of data – including HIV status and mental health information - from a paging system used by paramedics in the Australian state of Tasmania is the latest reminder of the security risks posed by the legacy systems used in the healthcare sector.

See Also: Improving Security Compliance in The Financial Industry With Data Privacy Regulations

An unidentified unauthorized actor posted on a website more than 26,000 pages of data related to calls since last November to Ambulance Tasmania, an emergency care and transport service of the Tasmania Department of Health, according to Australian news site ABC News.

ABC News reports that the public website posting the leaked ambulance communications had been taken offline and that work was underway by the Australian Cyber Security Center “to pursue shutdown should it re-emerge."

Leaked unencrypted pager messages contained patients' personal information, including age and gender, as well as health conditions, ABC News reports.

Ambulance Tasmania's paging system is currently the primary method of initial communications between the emergency agency's communications center and paramedics on the ground, ABC News reports.

The Tasmanian Health Department did not immediately respond to an Information Security Media Group request for comment and details about the incident.

Upgrade in the Works

Tasmania officials last month disclosed plans to overhaul the state’s emergency communications system.

The state government on Dec. 23 announced it had signed a $567 million contract with Australian telecommunications vendor Telstra to upgrade the state’s multiagency emergency radio communications, including the system that Ambulance Tasmania uses.

The new Tasmanian Government Radio Network, or TasGRN, will replace five radio networks with one digital, public safety-grade radio network to be delivered by Telstra and supported by Motorola Solutions, according to Jeremy Rockliff, acting Tasmania premier.

The project is slated to begin in 2021, and user organizations are expected to begin migrating over to the new network in the 2022-23 fiscal year, he adds.

“Once complete, the project will provide secure and mission-critical voice and data communications as part of the Tasmanian government’s plan to keep Tasmanians safe,” Rockliff says.

Other Incidents

Last summer, medical information on thousands of patients - including COVID-19 patients – in Western Australia was leaked onto a website allegedly set up by a teenager (see: 9News.

Tech Laggards?

While the use of pagers in healthcare might seem outdated and rare, many large healthcare institutions across the globe are still using the communication technology or are phasing it out.

In early 2019, the United Kingdom's National Health Service ordered the removal of pagers for non-emergency communications by the end of 2021.

"Staff will instead use modern alternatives, such as mobile phones and apps. These can deliver more accurate two-way communications at a reduced cost," the NHS said.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.