Pager security in healthcare

The threats posed by unencrypted pagers

We recently had a chance to interview Adam Greene, a lawyer in Washington D.C. with the firm Davis Wright Tremaine LLP. One of Adam’s most intriguing cases occurred in 2014 with a hospital client. This hospital’s doctors and staff used pagers to routinely communicate about a patient’s status or immediate needs. This type of communication is quite routine. However, unbeknownst to the hospital, the sensitive information employees exchanged on pagers was monitored and recorded by individuals outside of the hospital.

The paging landscape

Pagers are a dying breed outside of the hospital. However, pagers are still very much alive in medicine. Approximately 90 percent of hospitals still use pagers and on average spend around $180,000 per year on maintaining and updating them. Hospitals continue to alert, message and communicate with doctors by using pagers because administrators find it difficult to replace legacy technologies.

Yet the risks of pagers are underappreciated as technology has escalated faster than the pace of pager development. Pager security in healthcare was designed long before cybercrime and hacking became issues. Due to the lack of encryption or authentication in paging systems, it’s near impossible to verify messages and thwart spoofing attempts.

HIPAA compliant messaging

Hospitals need to consider secure messaging as part of their overall HIPAA compliant strategy. While using a pager is not a HIPAA violation per se, the information exchanged on pagers has to be extremely circumspect and non-descriptive to ensure compliance.

For example, doctors could exchange simple information such as a phone number they should call or the need for cleaned sheets in a hospital room. However, any information that describes something specific about the patient’s condition such as:

The patient in room 2 is HIV positive

could not be exchanged as it represents too high of a risk if the information were intercepted. Even knowing this information though seems to have little impact on doctor behavior as doctors are focused on treating patients. They are not focused on the security of the messages they exchange.

Read our white paper to learn more about pager security in healthcare and how this hospital had its pagers hacked and patient information exposed.

In this White Paper we explore:

  • Why healthcare stays with pagers
  • The HIPAA risk of using pagers
  • The impact of a hacked pager

Download white paper here

Shawn Lazarus

Share
Published by
Shawn Lazarus

Recent Posts

OnPage’s Strategic Edge Earns Coveted ‘Challenger’ Spot in 2024 Gartner MQ for Clinical Communication & Collaboration

Gartner’s Magic Quadrant for CC&C recognized OnPage for its practical, purpose-built solutions that streamline critical…

2 days ago

Site Reliability Engineer’s Guide to Black Friday

Site Reliability Engineer’s Guide to Black Friday   It’s gotten to the point where Black Friday…

2 weeks ago

Cloud Engineer – Roles and Responsibilities

Cloud engineers have become a vital part of many organizations – orchestrating cloud services to…

1 month ago

The Vitals Signs: Why Managed IT Services for Healthcare?

Organizations across the globe are seeing rapid growth in the technologies they use every day.…

1 month ago

How Effective are Your Alerting Rules?

How Effective Are Your Alerting Rules? Recently, I came across this Reddit post highlighting the…

2 months ago

Using LLMs for Automated IT Incident Management

What Are Large Language Models?  Large language models are algorithms designed to understand, generate, and…

2 months ago