His tinkering did not trigger a data breach, it was already taking place, unencrypted, over the air. Anyone with a cheap SDR could do this, and indeed, hospitals in my area are doing the very same thing (despite previously being investigated for it and ‘stopping’). Having reached out to seemingly eager administration at these and being subsequently ghosted, I am at a loss of what to do. I know enough that hosting it will probably go extremely poorly for me. The data broadcasted right now has PII, but during covid had an exceptional amount of information. It’s not clear where this data is coming from, as the local hospital pagers are the old phone-type, but maybe Cerner is broadcasting it all for some reason?