Security

Pagers leaking patients’ protected health information: Trend Micro

Pagers leaking patients’ protected health information: Trend Micro

Trend Micro Forward-Looking Threat Research team reported about weakness identified in pager technology. The company reported how there are several possible attack scenarios where an attacker makes use of information from unencrypted pager messages to do reconnaissance, social engineering, or some form of targeted attack or sabotage.

With private information being sent over the air through paging technologies that have no encryption and authentication, an obvious attack is to take advantage of the information against a potential target. Privacy regulations in various countries have prohibited protected health information from being leaked. However, this research reveals that the lack of encryption on private information has been overlooked for a long time.

What is exposed from the protected health information (PHI) may include email, phone numbers, and date of birth, syndromes, and diagnosis, among others. In addition, cybercriminals may be able to track specific cases based on medical record numbers in the sent pages. This allowed them to follow a patient’s transaction with the hospital: from the time a patient’s case is transferred from an outside facility, all the steps taken to assess, diagnose and treat the patient, up until the patient is discharged.

Lots of information can be seen from sniffing pager messages. However, it is also possible to inject your own pages if you have basic information about the systems in use. Without encryption and authentication, pager messages are easy to spoof as there is no way to verify that the messages are sent from trusted and known sources.

More importantly, our researchers also outline actionable recommendations for healthcare organizations that are still using pagers in an unsecure way today.

Pagers are secure, right? We’ve used them for decades, they are hard to monitor, and that’s why some of our most trusted industries use them, including the healthcare sector.

Nope. Wrong. All it took to see hospital information in clear text from hundreds of miles (away is an SDR software and a USB dongle. The problem with pagers—like many other technologies—is that they were designed and developed in a bygone era, and very few people go back to see if current technologies easily break the trust we had in these older ones or not (by virtue of making ease of monitoring—accidental or intentional—something easily done by a common person).

This research was done with tools easily purchased from Amazon for less than US$30. This tells us that monitoring is literally within the reach of children, a bored teenager or a criminal mind with a monetary interest. We saw this problem across the globe, including Asia, Europe, and North America, which means it’s not an isolated occurrence that we by chance witnessed in one country or a singular organization. It really is a result of a belief in the idea that technology never ages, though some might say this ‘belief’ is, in fact, a form of negligence of the implications of outdated technologies in a new environment.

Most Popular

The Red Mark has been established as a news portal to act as a conduit between the booming startup economy and the established, traditional players. Today's startups are tomorrow's small and medium business or large enterprise and we believe that no one can afford to be an island; if both work in tandem they can learn a lot from each other.

Contact Us

Address : 570, first floor, sector 22B , Gurgaon - 122015

Contact No. : 0124-4377494

For Any Query Please write below


Editorial : karma@theredmark.net

Advertisement : hem@theredmark.net

Subscribe to Our Newsletter





CAPTCHA


copy the digits from the image into this box

Copyright © 2016-2017 The Red Mark. All Rights Reserved.

To Top