Australia’s Department of Health Suffers PHI Breach Due to Pagers

In an unprecedented incident that has left medical authorities in Western Australia (WA) in disbelief, a local teenager has been found to be the mastermind behind a massive data breach. The breach intercepted thousands of names, phone numbers and communications between doctors responding to the COVID-19 crisis from their pagers.

This is an unfortunate incident and a simple reminder of how pagers jeopardize the security of sensitive patient information. 

In this post, I’ll provide more insight into the latest data breach, followed by advice on how healthcare IT personnel can prevent these events in the future. 

WA Department of Health: Latest Victim of a Patient Information Breach

The WA Department of Health is reeling from the aftermath of a data breach that has made medical records available to the public. The data leak was associated with the use of a third-party pager service. The department had deployed pagers, believing that they were 100 percent reliable and secure. This demonstrates how healthcare authorities can easily jeopardize patient information with legacy tech. 

What made this incident far more concerning was that it didn’t take a sophisticated hacker to carry out the crime. A local 16-year-old orchestrated the breach with little coding knowledge and without access to sophisticated hardware. Yet, the attacker successfully intercepted the paging network and later posted the medical data online.

Australian health authorities have since transitioned to a two-way SMS system, a move away from using public airwaves to transmit information. However, this measure isn’t a fool-proof way to avoid future data breaches. 

Enhance Information Security With Pager Apps

Pager apps are mobile communication tools designed to protect medical data. They’re secure alternatives to traditional pagers and SMS. The apps enable healthcare providers to communicate with patients and team members securely. These applications also enable system administrators to audit the transmission and access of electronic PHI (ePHI) to help meet Australia’s Privacy Act.

Secure Communications With OnPage Pager Replacement

OnPage’s pager replacement service allows organizations to enhance clinical communications and collaboration. Care teams can use OnPage pager replacement for the following:

• Data protection—remotely wipe sensitive patient information
• Encryption—communicate via encrypted, secure messaging between internal staff
• Access control—create users and assign roles and permissions
• Alert notifications—override the silent switch on all devices and bring critical alerts to the forefront
• Track message delivery status—messages are equipped with sent, delivered and read receipts
• Manage on-call schedules—configure on-call scheduling for multiple individuals and groups
• Set up escalation criteria—ensure critical alerts are never missed. Escalate incidents to the next person if the first individual isn’t available
• Send attachments—add medical images and voice attachments to secure messages
• Live call routing—direct patient calls to the on-call physician’s mobile device

Healthcare leads all industries in cybersecurity breaches. To avert future breaches, hospitals must conduct an audit of existing technologies and identify system vulnerabilities. This is the first step toward adopting next-generation paging alternatives and transforming the way care team communications take place.