Pagers used within the United Kingdom’s National Health Service are leaking sensitive patient information, and an amateur radio enthusiast has been broadcasting some of that medical data on a webcam livestream, a security researcher has found.
TechCrunch reports that Florida-based security researcher Daley Borda stumbled upon the strange confluence of archaic tech that flowed together to create a security nightmare.
Borda regularly scans the internet looking for concerning privacy and security activity. He recently discovered a grainy livestream showing a radio rig in North London that picked up radio waves and converted the transmissions into text that was displayed on a computer screen, according to TechCrunch. The hobbyist had set up a webcam that captured what was on the display, which showed medical emergencies as they were being reported. The webcam reportedly had no password, so anyone could find it and see the messages that showed directions meant for ambulances responding to emergency calls.
“You can see details of calls coming in—their name, address, and injury,” Borda told TechCrunch, which verified his discovery.
The tech news outlet reviewed several concerning messages that showed the location where people were reporting medical emergencies, including one that showed the address where a 49-year-old man was having chest pains and one that showed the address of a 98-year old man who had fallen.
A spokesperson for NHS told Gizmodo that the NHS consists of several different organizations, like hospital trusts and ambulances trusts, and “each organization is responsible for the technology it buys and uses (including pagers).” They pointed Gizmodo to a statement that Health and Social Care Secretary Matt Hancock issued in February instructed the NHS to stop using pagers by 2022. In his statement, he said the NHS uses 130,000 pagers.