A nonprofit privacy advocacy group called Open Privacy Research Society discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are easily interceptable. The society discovered the vulnerability and notified Vancouver Coastal Health (VCH) immediately almost a year ago, but VCH ignored and downplayed the vulnerability for months.
Some of the patient data (PHI) being broadcast includes the following:
- Gender marker
- Attending doctor and room number