Pager security in healthcare

The threats posed by unencrypted pagers

We recently had a chance to interview Adam Greene, a lawyer in Washington D.C. with the firm Davis Wright Tremaine LLP. One of Adam’s most intriguing cases occurred in 2014 with a hospital client. This hospital’s doctors and staff used pagers to routinely communicate about a patient’s status or immediate needs. This type of communication is quite routine. However, unbeknownst to the hospital, the sensitive information employees exchanged on pagers was monitored and recorded by individuals outside of the hospital.

The paging landscape

Pagers are a dying breed outside of the hospital. However, pagers are still very much alive in medicine. Approximately 90 percent of hospitals still use pagers and on average spend around $180,000 per year on maintaining and updating them. Hospitals continue to alert, message and communicate with doctors by using pagers because administrators find it difficult to replace legacy technologies.

Yet the risks of pagers are underappreciated as technology has escalated faster than the pace of pager development. Pager security in healthcare was designed long before cybercrime and hacking became issues. Due to the lack of encryption or authentication in paging systems, it’s near impossible to verify messages and thwart spoofing attempts.

HIPAA compliant messaging

Hospitals need to consider secure messaging as part of their overall HIPAA compliant strategy. While using a pager is not a HIPAA violation per se, the information exchanged on pagers has to be extremely circumspect and non-descriptive to ensure compliance.

For example, doctors could exchange simple information such as a phone number they should call or the need for cleaned sheets in a hospital room. However, any information that describes something specific about the patient’s condition such as:

The patient in room 2 is HIV positive

could not be exchanged as it represents too high of a risk if the information were intercepted. Even knowing this information though seems to have little impact on doctor behavior as doctors are focused on treating patients. They are not focused on the security of the messages they exchange.

Read our white paper to learn more about pager security in healthcare and how this hospital had its pagers hacked and patient information exposed.

In this White Paper we explore:

  • Why healthcare stays with pagers
  • The HIPAA risk of using pagers
  • The impact of a hacked pager

Download white paper here

Shawn Lazarus

Share
Published by
Shawn Lazarus

Recent Posts

From Tickets to Action: Ensuring Proactive IT Support with Jira and OnPage

We're excited to announce the launch of our bi-directional integration between OnPage and Jira! This…

3 days ago

OpsGenie End of Life? What’s next for OpsGenie users.

If you haven’t heard already (which would be shocking considering the numerous posts I’ve seen…

4 days ago

Reflections from HIMSS 2025: Conversations, Challenges & The Future

HIMSS 2025 is in the books, and after days of conversations, sessions, and navigating the…

3 weeks ago

The Need for Full-Stack Observability

In a recent survey, it was discovered that 57% of software developers' time is spent…

3 weeks ago

From Beeps to Breakthroughs: How Mobile Apps are Taking Over Pagers in Healthcare

In recent years, the healthcare industry has been facing a pivotal shift on the communication…

4 weeks ago

Why OnPage Outperforms Epic Secure Chat for Critical Communication

Electronic Health Records (EHRs) like Epic are undoubtedly pivotal to modern healthcare. With their intuitive…

1 month ago