Western Australia Department of Health

Confidential patient information from WA Health was published online after a breach traced to a third-party pager service, with a teenager allegedly responsible for accessing and distributing the data.

What Happened

Patient information from Western Australian health services was accessed and published online. The breach was traced to PageUp, a third-party pager notification service used by WA Health to send appointment reminders and notifications to patients. The unencrypted pager system transmitted patient names, phone numbers, and appointment details over publicly accessible radio frequencies.

A minor allegedly accessed these transmissions and published patient information online, exposing the inadequate security of the legacy paging infrastructure still in use across the healthcare system.

Impact on Individuals

Affected patients had their names, phone numbers, and health appointment details exposed publicly. While full medical records were not compromised, the exposure of health service usage could enable discrimination, harassment, or privacy violations. The public nature of the data publication amplified the privacy harm.

Organisational Response

WA Health launched an investigation and referred the matter to police. The incident prompted a review of the continued use of unencrypted pager systems in healthcare and accelerated moves toward more secure digital notification methods. The case highlighted the vulnerability of legacy healthcare infrastructure to privacy breaches.