We recently had a chance to interview Adam Greene, a lawyer in Washington D.C. with the firm Davis Wright Tremaine LLP. One of Adam’s most intriguing cases occurred in 2014 with a hospital client. This hospital’s doctors and staff used pagers to routinely communicate about a patient’s status or immediate needs. This type of communication is quite routine. However, unbeknownst to the hospital, the sensitive information employees exchanged on pagers was monitored and recorded by individuals outside of the hospital.
Pagers are a dying breed outside of the hospital. However, pagers are still very much alive in medicine. Approximately 90 percent of hospitals still use pagers and on average spend around $180,000 per year on maintaining and updating them. Hospitals continue to alert, message and communicate with doctors by using pagers because administrators find it difficult to replace legacy technologies.
Yet the risks of pagers are underappreciated as technology has escalated faster than the pace of pager development. Pager security in healthcare was designed long before cybercrime and hacking became issues. Due to the lack of encryption or authentication in paging systems, it’s near impossible to verify messages and thwart spoofing attempts.
Hospitals need to consider secure messaging as part of their overall HIPAA compliant strategy. While using a pager is not a HIPAA violation per se, the information exchanged on pagers has to be extremely circumspect and non-descriptive to ensure compliance.
For example, doctors could exchange simple information such as a phone number they should call or the need for cleaned sheets in a hospital room. However, any information that describes something specific about the patient’s condition such as:
The patient in room 2 is HIV positive
could not be exchanged as it represents too high of a risk if the information were intercepted. Even knowing this information though seems to have little impact on doctor behavior as doctors are focused on treating patients. They are not focused on the security of the messages they exchange.
Read our white paper to learn more about pager security in healthcare and how this hospital had its pagers hacked and patient information exposed.
Gartner’s Magic Quadrant for CC&C recognized OnPage for its practical, purpose-built solutions that streamline critical…
Site Reliability Engineer’s Guide to Black Friday It’s gotten to the point where Black Friday…
Cloud engineers have become a vital part of many organizations – orchestrating cloud services to…
Organizations across the globe are seeing rapid growth in the technologies they use every day.…
How Effective Are Your Alerting Rules? Recently, I came across this Reddit post highlighting the…
What Are Large Language Models? Large language models are algorithms designed to understand, generate, and…