The Premier of Western Australia, Mark McGowan, issued an apology after confidential messages from the Health Department were published online by a 15-year-old boy. The messages were originally transmitted using a pager service and contained the personal details of individuals receiving COVID-19 treatment. The website has since been shut down and the responsible individual has been identified and visited by the police.
In response to the incident, Mr. McGowan stated that a full investigation would be conducted to determine if other agencies were using paging services to transmit sensitive information. He was unaware of the compromise until a news report brought it to his attention. Mr. McGowan also expressed surprise that pagers were still being used by some government services, stating that SMS text messages were far more secure.
The Health Department has since discontinued its use of the paging service and has implemented a “double SMS” system instead. A spokesperson for Vodafone, the operator of the pager service, stated that paging networks were not able to be encrypted, unlike mobile phone networks, which use encryption to protect customer communications. The Department of Health has stated that their own data systems remain secure and they will investigate whether staff using the service to transmit sensitive information were aware it was not encrypted.
The incident has been deemed a data breach by the State Opposition, who called for the government to ensure sensitive information is only transmitted using an encrypted system. The police investigation revealed that the boy had not accessed or compromised any government websites or databases, nor had he targeted COVID-19 messages. The investigation is ongoing.