Leaking Beepers Can Open Doors for Hackers

SCRANTON, Pa. -- Your health care provider may unknowingly have opened a door for identity thieves to steal your personal information.

It's because a low-tech communications device from the 1990s is still in use in some health care systems.

It's probably been 15 years since you've even seen a pager and even longer since you used one.

According to the Journal of Hospital Medicine, 85 percent of hospitals across the U.S. still use pagers, also known as beepers, but these beepers can also leak private information.

When Andy Shecktor tinkered with his ham radio gear from his home in Berwick earlier this year, he used with a $20 antenna normally used to pick up TV channels and a free software program and stumbled onto some private information.

"I started looking and then I started realizing, hey, there's information, there's patients, there's date of birth, there's conditions," Shecktor recalled.

This personal information comes from pagers used from 15 hospitals and other health care providers from Harrisburg to New Jersey.

A hacker could link the patients' names to conditions ranging from severe hyperglycemia, poorly managed diabetes, to end-stage renal disease.

Patients' prescriptions are also beeped to and from doctors, anything from antidepressants to painkillers.

"It's hugely dangerous. It could actually lead to identity theft," said Kevin Quinn.

Area attorney Kevin Quinn is an expert on privacy laws. Quinn says hospitals still use pagers because the device's low frequency does not interfere with high-tech medical equipment in places like emergency rooms and operating rooms.

But older beepers do not encrypt or scramble the private information sent.

"It really is exposing that patient information to anybody out there who may be looking to intercept it or may stumble across it," Quinn said.

The cybersecurity firm Trend Micro warns hackers might look for:

  • prescriptions, especially painkillers,
  • personal information to commit fraud,
  • health insurance information to file false claims.

Do area medical providers even know they're putting information at risk?

"I hope and expect that they're honestly unaware," Quinn said.

we Received statements from the area's two largest hospitals systems.

Geisinger says it "has been migrating away from pagers in favor of using more secure communications tools."

Commonwealth Health claims it recently, "acquired new pagers that carry encrypted data."

Both hospital systems said they would remind their professionals using pagers to be aware of what they send.

Andy Shecktor says he's still concerned.

"This needs to be brought up across the country."
There are no known cases of identity theft through information obtained through pagers.

Shecktor says by exposing the problems with pagers, he hopes hospitals will slam shut what is now an open door for identity thieves.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.