Are Your Pagers Leaking PHI Data

by Dr Nick

Hospital Paging Systems Security

Blackhat
Mark Nunnikhoven Trend Micro

I spoke with Mark Nunnikhoven, VP of Cloud Research at Trend Micro, about their recently published paper, Leaking Beeps: Unencrypted Pager Messages in the Healthcare Industry. Pagers were designed and built in an era when it took a lot of resources and technology to access the system, but now all it takes is a couple hundred dollars and a PC add-in and you are in.

“When pagers first came out the effort to interact with the system was high”

TL;DR: Pagers in the clinical setting are unencrypted and represent a security risk for breach of Personal Health Information (PHI).

Mark’s incremental step: don’t include PHI in any pager traffic, then get rid of pagers and replace them with mobile devices that have end-to-end encryption.

In their study they found that the transmissions are not encrypted and contain multiple elements of PHI, and they saw lots of examples (you can download the report here). The summary of the PHI exposed in the unencrypted messages analyzed by Trend Micro offers a peek into the potential breaches taking place on a daily basis.

Mark also mentioned another report on Securing Connected Hospitals that looked at connected devices, highlighting the huge increase in attacks on healthcare information systems, in particular with ransomware.

Incremental Steps for Securing Your Pager System

  1. Don’t include Personal Health Information in pages, but rather ask for a call back
  2. Replace the old-style pagers with new technology and devices, and
  3. When building devices, you must build security into the product
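
Step 1 can be enforced as a pre-send check on whatever system submits pages. The sketch below is an added illustration, not code from the Trend Micro paper or from this post: the patterns, function names, extensions and sample pages are all constructed assumptions, and pattern matching catches only obvious identifiers rather than every form of PHI.

```python
import re

# Illustrative PHI indicators (assumed patterns, not a complete PHI detector).
PHI_PATTERNS = {
    "mrn": re.compile(r"\bMRN[:#\s]*\d{5,10}\b", re.I),
    "dob": re.compile(r"\bDOB[:\s]*\d{1,2}[/-]\d{1,2}[/-]\d{2,4}\b", re.I),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "patient_name": re.compile(
        r"\b(?:[Pp]t|[Pp]atient)[:\s]+[A-Z][a-z]+(?:[ ,]+[A-Z][a-z]+)+"),
    "age_sex": re.compile(r"\b\d{1,3}\s?(?:yo|y/o|yr old)\s?[MF]\b", re.I),
}


def find_phi(text):
    """Return the sorted names of PHI indicators present in a page body."""
    return sorted(name for name, rx in PHI_PATTERNS.items() if rx.search(text))


def gate_page(text, callback_ext):
    """Decide what may go out over the unencrypted pager channel.

    Returns (outbound_text, findings). If any indicator is found, the whole
    original body is withheld (not just the matched span, since nearby text
    such as lab values is PHI too) and a callback request is sent instead.
    """
    findings = find_phi(text)
    if findings:
        return f"Please call back ext {callback_ext}", findings
    return text, findings


# Constructed sample pages: (message body, sender's callback extension).
SAMPLE_PAGES = [
    ("Pt: Jane Doe MRN 0048213 DOB 04/12/1957 K+ 6.1, please review", "4417"),
    ("67yo M in bay 3 with chest pain, needs ECG read", "4420"),
    ("Please call pharmacy re: formulary question", "4400"),
]

if __name__ == "__main__":
    for body, ext in SAMPLE_PAGES:
        outbound, hits = gate_page(body, ext)
        print(f"{hits or 'clean'} -> {outbound}")
```

Logging the findings (never the withheld body) gives a count of how often staff still try to page PHI, which is a useful measure while pagers are being phased out.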

