What happened
In January 2021 it was reported that personal details of Tasmanians who had called an ambulance were being captured from Ambulance Tasmania’s paging (pager) network and published on a website in near real time [at-examiner], [at-upguard]. The exposed information reportedly included patient names, the location of the incident, age, gender and the medical condition or nature of the callout, and in at least one case a patient’s HIV status [at-examiner]. The data flowed from unencrypted paging transmissions that a third party intercepted, decoded and posted online [at-upguard].
Timeline
- 2020-11 — Data reportedly began appearing on the offending website from around November 2020 [at-upguard].
- 2021-01 — The breach was publicly reported and referred to Tasmania Police [at-examiner].
Current status
Disclosed and investigated. The matter was referred to Tasmania Police and the Tasmanian Department of Health, the offending website was blocked, and steps were taken to stop personal information being sent over the paging network [at-examiner], [at-upguard]. Reporting described the exposure as covering everyone who had called an ambulance since late 2020, but no official count of affected individuals was published, so no figure is asserted here.
Why it matters
Emergency-dispatch data is among the most sensitive personal information a health service holds — it reveals where someone was, when, and why they needed help. Sending it over an unencrypted paging network left it open to anyone able to receive those signals.